CVE-2018-1204

Summary for CVE-2018-1204 (Isilon OneFS) : Dell EMC Isilon OneFS web console vulnerabilities include a path traversal flaw in the isi_phone_home tool that can be triggered when remote support is enabled, potentially allowing a malicious user with compadmin rights to execute arbitrary code with ro...

CVE-2018-1201

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Job Operations Page within the OneFS web administration interface. A malicious administrator may...

Dell EMC Isilon OneFS - Multiple Vulnerabilities

Exploit for linux platform in category web applications Dell EMC Isilon OneFS Multiple Vulnerabilities 1. Advisory Information Title: Dell EMC Isilon OneFS Multiple Vulnerabilities Advisory ID: CORE-2017-0009 Advisory URL:...

Dell EMC Isilon OneFS XSS / Code Execution / CSRF

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Dell EMC Isilon OneFS Multiple Vulnerabilities 1. Advisory Information Title: Dell EMC Isilon OneFS Multiple Vulnerabilities Advisory ID: CORE-2017-0009 Advisory URL:...

Dell EMC Isilon OneFS - Multiple Vulnerabilities

Dell EMC Isilon OneFS - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Dell EMC Isilon OneFS Multiple Vulnerabilities 1. Advisory Information Title: Dell EMC Isilon OneFS Multiple Vulnerabilities Advisory ID: CORE-2017-0009 Advisory URL:...

Dell EMC Isilon OneFS - Multiple Vulnerabilities

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Dell EMC Isilon OneFS Multiple Vulnerabilities 1. Advisory Information Title: Dell EMC Isilon OneFS Multiple Vulnerabilities Advisory ID: CORE-2017-0009 Advisory URL:...

Dell EMC Isilon OneFS Multiple Vulnerabilities

1. Advisory Information Title: Dell EMC Isilon OneFS Multiple Vulnerabilities Advisory ID: CORE-2017-0009 Advisory URL:https://www.coresecurity.com/core-labs/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities Date published: 2018-02-14 Date of last update: 2018-02-15 Vendors contacted: Del...

CVE-2017-14387

The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings including the NFS export security flavor for authentication that can be leveraged by current and future NFS exports. This NFS service contained a flaw that did not properly...

Design/Logic Flaw

The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings including the NFS export security flavor for authentication that can be leveraged by current and future NFS exports. This NFS service contained a flaw that did not properly...

CVE-2017-14387

The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings including the NFS export security flavor for authentication that can be leveraged by current and future NFS exports. This NFS service contained a flaw that did not properly...

CVE-2017-14387

The CVE-2017-14387 issue concerns EMC Isilon OneFS NFS exports. The affected products are OneFS versions 8.1.0.0, 8.0.1.0–8.0.1.1, and 8.0.0.0–8.0.0.4. The flaw is that changes to the default NFS export security flavor are not consistently propagated to all new and existing NFS exports configured...

CVE-2017-14387

The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings including the NFS export security flavor for authentication that can be leveraged by current and future NFS exports. This NFS service contained a flaw that did not properly...

EMC Isilon OneFS NFS Export Security Bypass Vulnerability

EMC Isilon OneFS is a distributed file system that supports EMC Isilon Horizontally Scalable Storage System from EMC Corporation. The system combines the three layers of a traditional storage architecture file system, volume manager and data protection into a single unified software layer to crea...

EMC Isilon OneFS Privilege Vulnerability

EMC Isilon OneFS is a distributed file system that supports EMC Isilon Horizontally Scalable Storage System from EMC Corporation. The system combines the three layers of a traditional storage architecture file system, volume manager and data protection into a single unified software layer to crea...

EMC Isilon OneFS Privilege Escalation Vulnerability

EMC Isilon OneFS versions 7.x and 8.x suffer from a privilege escalation vulnerability. They contain an issue where a 'compadmin' user can potentially run restricted system commands with elevated root privilege on a cluster in compliance mode. EMC Isilon OneFS Privilege Escalation Vulnerability C...

Privilege escalation

In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin compadmin account user could exploit a vulnerability in isigetitrace or isigetprofile maintenance scripts to run any shell script as system root on a cluster in...

CVE-2017-14380

In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin compadmin account user could exploit a vulnerability in isigetitrace or isigetprofile maintenance scripts to run any shell script as system root on a cluster in...

CVE-2017-14380

In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin compadmin account user could exploit a vulnerability in isigetitrace or isigetprofile maintenance scripts to run any shell script as system root on a cluster in...

CVE-2017-14380

EMC Isilon OneFS is affected by CVE-2017-14380, impacting versions 8.1.0.0; 8.0.1.0–8.0.1.1; 8.0.0.0–8.0.0.4; 7.2.1.0–7.2.1.5; 7.2.0.x; and 7.1.1.x. A malicious compadmin user can exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system ro...

Cross site scripting

EMC Isilon OneFS versions prior to 8.1.0.1, versions prior to 8.0.1.2, versions prior to 8.0.0.6, version 7.2.1.x is impacted by a reflected cross-site scripting vulnerability that may potentially be exploited by malicious users to compromise the affected system...