Overview
- Description
- The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for Network File System (NFS) allows access to an 'admin' home directory. An attacker may leverage a spoofed Unique Identifier (UID) over NFS to rewrite sensitive files to gain administrative access to the system.
- Source
- security_alert@emc.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 9
- Impact score
- 10
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:C/I:C/A:C
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:emc_isilon_onefs:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1041FD80-0BC7-4C1E-B310-B17EB68668D6",
"versionEndIncluding": "8.2.2"
},
{
"criteria": "cpe:2.3:o:dell:emc_powerscale_onefs:9.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5422D856-00B1-47FA-8D62-9B464A43BAC9"
}
],
"operator": "OR"
}
]
}
]