CVE-2018-11071Improper Input Validation in EMC Isilon Onefs

CWE-20Improper Input Validation3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 38.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Dell EMC Isilon OnefsDell EMC Isilonsd EdgeEMC Isilonsd Edge+1 more
Timeline
PublishedSep 18
Latest updateMay 13

Description

Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a remote process crash vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the isi_drive_d process by sending specially crafted input data to the affected system. This process will then be restarted.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

CVEListV5dell_emc/isilonsd_edge8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x8.1.2
CVEListV5dell_emc/isilon_onefs7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x8.1.2
NVDemc/isilonsd_edge8.1.0.08.1.2.0+2
NVDemc/isilon_onefs7.1.1.07.1.1.11+5

🔴Vulnerability Details

2
GHSA
GHSA-jff5-j6r9-5g9x: Dell EMC Isilon OneFS versions 72022-05-13
CVEList
DSA-2018-147: Dell EMC Isilon OneFS and IsilonSD Edge Remote Process Crash Vulnerability2018-09-18
CVE-2018-11071 — Improper Input Validation | cvebase