CVE-2016-0907 — Isilon Onefs vulnerability

CWE-2543 documents3 sources

Severity

5.9MEDIUMNVD

EPSS

0.2%

top 53.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

EMC Isilon Onefs EMC Isilonsd Edge Onefs

Timeline

PublishedMay 30

Latest updateMay 17

Description

EMC Isilon OneFS 7.1.x and 7.2.x before 7.2.1.3 and 8.0.x before 8.0.0.1, and IsilonSD Edge OneFS 8.0.x before 8.0.0.1, does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream, a similar issue to CVE-2016-2115.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

▶NVDemc/isilonsd_edge_onefs8.0.0.0

▶NVDemc/isilon_onefs22 versions+21

🔴Vulnerability Details

GHSA

GHSA-vw4c-6hqg-68fm: EMC Isilon OneFS 7↗2022-05-17

▶

CVEList

CVE-2016-0907: EMC Isilon OneFS 7↗2016-05-30

▶