EMC Isilon OneFS vulnerabilities

15 known vulnerabilities affecting emc/isilon_onefs.

Total CVEs: 15
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 8, MEDIUM 6

Vulnerabilities

CVE-2018-11071 | HIGH | CVSS 7.5 | ≥ 7.1.1.0, ≤ 7.1.1.11; ≥ 7.2.1.0, ≤ 7.2.1.6; +4 more | 2018-09-18
CWE-20: Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a remote process crash vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the isi_drive_d process by sending
Source: NVD
CVE-2017-14387 | MEDIUM | CVSS 6.5 | v8.0.0.0, v8.0.0.1, +6 more | 2017-12-20
The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings (including the NFS export security flavor for authentication) that can be leveraged by current and future NFS exports. This NFS service contained a flaw that did not properly propagate changes made to the default security flavor to all
Source: NVD
CVE-2017-14380 | MEDIUM | CVSS 6.7 | v7.1.1.0, v7.1.1.1, +24 more | 2017-12-13
CWE-269: In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode. This could potentially lead to
Source: NVD
CVE-2017-8024 | MEDIUM | CVSS 6.1 | v7.2.1.0, v7.2.1.1, +8 more | 2017-10-18
CWE-79: EMC Isilon OneFS (versions prior to 8.1.0.1, versions prior to 8.0.1.2, versions prior to 8.0.0.6, version 7.2.1.x) is impacted by a reflected cross-site scripting vulnerability that may potentially be exploited by malicious users to compromise the affected system.
Source: NVD
CVE-2017-4988 | HIGH | CVSS 7.2 | v7.1.0.0, v7.1.0.5, +28 more | 2017-06-21
EMC Isilon OneFS 8.0.1.0, 8.0.0 - 8.0.0.3, 7.2.0 - 7.2.1.4, 7.1.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system.
Source: NVD
CVE-2017-4979 | HIGH | CVSS 7.1 | v7.2.0.0, v7.2.0.1, +9 more | 2017-05-19
EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, and OneFS 7.2.0.x is affected by an NFS export vulnerability. Under certain conditions, after upgrading a cluster from OneFS 7.1.1.x or earlier, users may have unexpected levels of access to some NFS exports.
Source: NVD
CVE-2017-4980 | HIGH | CVSS 7.5 | v7.1.0.5, v7.1.0.6, +22 more | 2017-03-29
CWE-22: EMC Isilon OneFS is affected by a path traversal vulnerability that may potentially be exploited by attackers to compromise the affected system. Affected versions are 7.1.0 - 7.1.1.10, 7.2.0 - 7.2.1.3, and 8.0.0 - 8.0.0.1.
Source: NVD
CVE-2016-9871 | HIGH | CVSS 7.2 | v7.1.0.0, v7.1.0.5, +21 more | 2017-02-03
CWE-264: EMC Isilon OneFS 7.2.1.0 - 7.2.1.3, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, EMC Isilon OneFS 7.1.0.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system.
Source: NVD
CVE-2016-9870 | MEDIUM | CVSS 6.7 | v7.1.0.0, v7.1.0.1, +24 more | 2017-01-23
CWE-90: EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, and EMC Isilon OneFS 7.1.0.x is affected by an LDAP injection vulnerability that could potentially be exploited by a malicious user to compromise the system.
Source: NVD
CVE-2016-0908 | MEDIUM | CVSS 6.7 | v7.1.0.0, v7.1.0.1, +22 more | 2016-06-04
CWE-264: EMC Isilon OneFS 7.1.x before 7.1.1.9 and 7.2.x before 7.2.1.2 allows local users to obtain root shell access by leveraging administrative privileges.
Source: NVD
CVE-2016-0907 | MEDIUM | CVSS 5.9 | v7.1.0.0, v7.1.0.1, +20 more | 2016-05-30
CWE-254: EMC Isilon OneFS 7.1.x and 7.2.x before 7.2.1.3 and 8.0.x before 8.0.0.1, and IsilonSD Edge OneFS 8.0.x before 8.0.0.1, does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream, a similar issue to CVE-2016-2115.
Source: NVD
CVE-2015-4545 | HIGH | CVSS 8.0 | ≤ 7.1.1.7, v7.1.0.0, +10 more | 2015-12-21
CWE-264: EMC Isilon OneFS 7.1 before 7.1.1.8, 7.2.0 before 7.2.0.4, and 7.2.1 before 7.2.1.1 allows remote authenticated administrators to bypass a SmartLock root-login restriction by creating a root account and establishing a login session.
Source: NVD
CVE-2015-6848 | HIGH | CVSS 8.5 | ≤ 7.1.1.0, v7.1.1.1, +7 more | 2015-11-27
CWE-284: EMC Isilon OneFS 7.1.x before 7.1.1.5, 7.2.0.x before 7.2.0.3, and 7.2.1.x before 7.2.1.1, when the RFC 2307 feature is configured but SFU is not universally present, allows remote authenticated AD users to obtain root privileges via unspecified vectors.
Source: NVD
CVE-2015-4525 | CRITICAL | CVSS 9.0 | ≤ 7.1.1.0, v7.1.1.1, +5 more | 2015-07-04
CWE-77: The log-gather implementation in the web administration interface in EMC Isilon OneFS 6.5.x.x through 7.1.1.x before 7.1.1.5 and 7.2.0.x before 7.2.0.2 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors.
Source: NVD
CVE-2015-0528 | HIGH | CVSS 7.2 | ≤ 7.0.2.12, v7.1.0.0, +8 more | 2015-03-29
CWE-264: The RPC daemon in EMC Isilon OneFS 6.5.x and 7.0.x before 7.0.2.13, 7.1.0 before 7.1.0.6, 7.1.1 before 7.1.1.2, and 7.2.0 before 7.2.0.1 allows local users to gain privileges by leveraging an ability to modify system files.
Source: NVD