Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2018-1203 — Incorrect Permission Assignment in Dell EMC Isilon OneFS
Severity
6.7 MEDIUM (NVD)
EPSS
1.1%
top 22.10%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Mar 26
Latest update: May 13
Description
In Dell EMC Isilon OneFS, compadmin is able to run the tcpdump binary with root privileges. In versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, the tcpdump binary, being run with sudo, may potentially be used by compadmin to execute arbitrary code with root privileges.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 | Impact: 5.9
Affected Packages: 2 packages
CVEListV5: dell_emc/isilon_onefs, versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6
Exploits & PoCs: 2
Community: 1
Bugzilla (1): CVE-2018-2783 Oracle JDK: unspecified vulnerability fixed in 6u191, 7u171, and 8u161 (Security), 2018-04-18