CVE-2016-0911 — Dell EMC Data Domain OS vulnerability

CWE-2643 documents3 sources

Severity

8.2HIGHNVD

EPSS

0.4%

top 42.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell EMC Data Domain OS

Timeline

PublishedJun 19

Latest updateMay 13

Description

EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 has a default no_root_squash option for NFS exports, which makes it easier for remote attackers to obtain filesystem access by leveraging client root privileges.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 1.5 | Impact: 6.0

Affected Packages1 packages

▶NVDdell/emc_data_domain_os5.7.1.0

🔴Vulnerability Details

GHSA

GHSA-mg76-j42m-6p6f: EMC Data Domain OS 5↗2022-05-13

▶

CVEList

CVE-2016-0911: EMC Data Domain OS 5↗2016-06-19

▶