Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-1204 — Path Traversal in Dell EMC Isilon Onefs

CWE-22 — Path Traversal5 documents5 sources

Severity

6.7MEDIUMNVD

EPSS

0.9%

top 23.60%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Dell EMC Isilon Onefs Dell EMC Isilon Onefs

Timeline

PublishedMar 26

Latest updateMay 14

Description

Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a path traversal vulnerability in the isi_phone_home tool. A malicious compadmin may potentially exploit this vulnerability to execute arbitrary code with root privileges.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

▶NVDdell/emc_isilon_onefs7.2.1.0 — 7.2.1.6+4

▶CVEListV5dell_emc/isilon_onefsversions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6, versions 7.2.1.x and version 7.1.1.11

🔴Vulnerability Details

GHSA

GHSA-fqgg-5297-h6r4: Dell EMC Isilon OneFS versions between 8↗2022-05-14

▶

CVEList

CVE-2018-1204: Dell EMC Isilon OneFS versions between 8↗2018-03-26

▶

💥Exploits & PoCs

Exploit-DB

Dell EMC Isilon OneFS - Multiple Vulnerabilities↗2018-02-14

▶

💬Community

Bugzilla

CVE-2018-2811 Oracle JDK: unspecified vulnerability fixed in 8u171 and 10.0.1 (Install)↗2018-04-18

▶