7.2

CVE-2017-14380

In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode. This could potentially lead to an elevation of privilege for the compadmin user and violate compliance mode.

Data is provided by the National Vulnerability Database (NVD)
EmcIsilon Onefs Version7.1.1.0
EmcIsilon Onefs Version7.1.1.1
EmcIsilon Onefs Version7.1.1.2
EmcIsilon Onefs Version7.1.1.3
EmcIsilon Onefs Version7.1.1.4
EmcIsilon Onefs Version7.1.1.5
EmcIsilon Onefs Version7.2.0.0
EmcIsilon Onefs Version7.2.0.1
EmcIsilon Onefs Version7.2.0.2
EmcIsilon Onefs Version7.2.0.3
EmcIsilon Onefs Version7.2.0.4
EmcIsilon Onefs Version7.2.0.5
EmcIsilon Onefs Version7.2.1.0
EmcIsilon Onefs Version7.2.1.1
EmcIsilon Onefs Version7.2.1.2
EmcIsilon Onefs Version7.2.1.3
EmcIsilon Onefs Version7.2.1.4
EmcIsilon Onefs Version7.2.1.5
EmcIsilon Onefs Version8.0.0.0
EmcIsilon Onefs Version8.0.0.1
EmcIsilon Onefs Version8.0.0.2
EmcIsilon Onefs Version8.0.0.3
EmcIsilon Onefs Version8.0.0.4
EmcIsilon Onefs Version8.0.1.0
EmcIsilon Onefs Version8.0.1.1
EmcIsilon Onefs Version8.1.0.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.06% 0.153
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.7 0.8 5.9
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

http://seclists.org/fulldisclosure/2017/Dec/41
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/102210
Third Party Advisory
VDB Entry