NFS Export Vulnerability in EMC Data Domain OS
CVE-2016-0911

8.2HIGH

Key Information:

Vendor: Dell
Status: Emc Data Domain Os
Vendor: CVE Published:; 19 June 2016

Summary

EMC Data Domain OS versions 5.4 through 5.7 prior to 5.7.2.0 possess a vulnerability related to NFS exports which defaults to allowing no_root_squash. This configuration flaw can be exploited by remote attackers, enabling them to gain unauthorized filesystem access by leveraging client root privileges. Organizations utilizing affected versions are advised to reassess their NFS export configurations to mitigate potential risks.

References

http://www.securitytracker.com/id/1036079

vdb-entryx_refsource_SECTRACK

http://seclists.org/bugtraq/2016/Jun/50

mailing-listx_refsource_BUGTRAQ

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jun 19, 2016
Vulnerability Reserved
Dec 17, 2015