Lucene search

[email protected]CVE-2018-11071

HistorySep 18, 2018 - 9:29 p.m.

CVE-2018-11071

2018-09-1821:29:02

CWE-20

[email protected]

web.nvd.nist.gov

dell

emc

isilon

onefs

isilonsd edge

vulnerability

remote process crash

nvd

cve-2018-11071

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.8%

JSON

Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC IsilonSD Edge versions 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 contain a remote process crash vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the isi_drive_d process by sending specially crafted input data to the affected system. This process will then be restarted.

Affected configurations

NVD

Node

emcisilon_onefsRange7.1.1.0–7.1.1.11

emcisilon_onefsRange7.2.1.0–7.2.1.6

emcisilon_onefsRange8.0.0.0–8.0.0.7

emcisilon_onefsRange8.0.1.0–8.0.1.2

emcisilon_onefsRange8.1.0.0–8.1.0.4

emcisilon_onefsRange8.1.1.0–8.1.2.0

Node

emcisilonsd_edgeRange8.0.0.0–8.0.0.7

emcisilonsd_edgeRange8.0.1.0–8.0.1.2

emcisilonsd_edgeRange8.1.0.0–8.1.2.0

CPENameOperatorVersion
emc:isilon_onefsemc isilon onefsle7.1.1.11
emc:isilon_onefsemc isilon onefsle7.2.1.6
emc:isilon_onefsemc isilon onefsle8.0.0.7
emc:isilon_onefsemc isilon onefsle8.0.1.2
emc:isilon_onefsemc isilon onefsle8.1.0.4
emc:isilon_onefsemc isilon onefsle8.1.2.0

CPE	Name	Operator	Version
emc:isilon_onefs	emc isilon onefs	le	7.1.1.11
emc:isilon_onefs	emc isilon onefs	le	7.2.1.6
emc:isilon_onefs	emc isilon onefs	le	8.0.0.7
emc:isilon_onefs	emc isilon onefs	le	8.0.1.2
emc:isilon_onefs	emc isilon onefs	le	8.1.0.4
emc:isilon_onefs	emc isilon onefs	le	8.1.2.0

CNA Affected

[
  {
    "product": "Isilon OneFS",
    "vendor": "Dell EMC",
    "versions": [
      {
        "lessThan": "8.1.2 ",
        "status": "affected",
        "version": "7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "IsilonSD Edge",
    "vendor": "Dell EMC",
    "versions": [
      {
        "lessThan": "8.1.2 ",
        "status": "affected",
        "version": "8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x",
        "versionType": "custom"
      }
    ]
  }
]

References

seclists.org/fulldisclosure/2018/Sep/19

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

56.8%

JSON

Related for CVE-2018-11071

prion1 cvelist1 nvd1