CVE-2017-14380

Published Dec 13, 2017

Last updated 5 years ago

CVSS medium 6.7

Overview

Description: In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode. This could potentially lead to an elevation of privilege for the compadmin user and violate compliance mode.
Source: security_alert@emc.com
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 6.7
Impact score: 5.9
Exploitability score: 0.8
Vector string: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-269

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEDB97FE-6470-4AFE-A3B0-B664F132A190"
          },
          {
            "criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A669BE6B-726F-4F34-A009-798E32FF6895"
          },
          {
            "criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4AE74624-A44D-4837-AD36-DBF3E93D5ED9"
          },
          {
            "criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47CBA2E5-6E46-4922-B56B-3F8C578074B1"
          },
          {
            "criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90C22C93-9069-406E-9A14-03F20AD34D11"
          },
          {
            "criteria": "cpe:2.3:o:emc:isilon_onefs:7.1.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CDD30754-489E-42BA-8B51-1FEB5DC30912"
          },
          {
            "criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0E8AF3E1-FE57-40B9-95DD-4E4C8EB578CB"
          },
          {
            "criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F551F88-3176-4E92-AE7A-FCAB3A220A45"
          },
          {
            "criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26144325-6722-48C1-A0C2-BB78EF9BDE60"
          },
          {
            "criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B87E8EEE-42AA-48B3-ABBE-9CE7FD2C275B"
          },
          {
            "criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F09B14D-2C84-47F2-8F7F-6F8DAEFFF106"
          },
          {
            "criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5F6E200D-49D6-492C-8B38-CBED90CA8118"
          },
          {
            "criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10B1B998-AEEE-4123-82F3-72D84EF681DC"
          },
          {
            "criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0828B061-28B4-4AEE-BBB9-AF287B90713C"
          },
          {
            "criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "064C487D-517E-4F7B-A182-5DF287477652"
          },
          {
            "criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D1600B1F-C307-457B-BC84-73339A64DF8D"
          },
          {
            "criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE2687A1-97EC-4777-9CC1-164D525C56E5"
          },
          {
            "criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08C3C4C1-505B-4171-831B-7FD7EB34B45C"
          },
          {
            "criteria": "cpe:2.3:o:emc:isilon_onefs:8.0.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB53E775-7A57-41D2-A93D-5F96D72622D1"
          },
          {
            "criteria": "cpe:2.3:o:emc:isilon_onefs:8.0.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A17F44A3-8C09-49EE-8545-51C57F36B801"
          },
          {
            "criteria": "cpe:2.3:o:emc:isilon_onefs:8.0.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DCE2CA2E-BFAD-4D87-BAAA-DA63C88F38D5"
          },
          {
            "criteria": "cpe:2.3:o:emc:isilon_onefs:8.0.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11DF0A4B-702E-4E6B-AD2D-086F76B6DBB2"
          },
          {
            "criteria": "cpe:2.3:o:emc:isilon_onefs:8.0.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80042980-E2BB-49F0-A3DB-BE22ECF820C9"
          },
          {
            "criteria": "cpe:2.3:o:emc:isilon_onefs:8.0.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2B3BD02-4CA9-4D00-A5B5-F3EBB7DACDEF"
          },
          {
            "criteria": "cpe:2.3:o:emc:isilon_onefs:8.0.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "217B6DC1-07E4-4A1E-8867-85C258778E5B"
          },
          {
            "criteria": "cpe:2.3:o:emc:isilon_onefs:8.1.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "847B0C10-6DCA-49FE-836C-F547B573A647"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References