Elevated Privilege Vulnerability in Dell EMC Isilon OneFS
CVE-2018-1203

6.7MEDIUM

Key Information:

Vendor
Dell
Status
Isilon Onefs
Vendor
CVE Published:
26 March 2018

Summary

A vulnerability exists in Dell EMC Isilon OneFS that allows a user with compadmin privileges to execute the tcpdump binary with root privileges. Specifically, within certain versions, the misconfiguration permits the compadmin to run tcpdump with sudo, enabling the potential execution of arbitrary code at the root level. This flaw raises significant security concerns as it compromises the integrity of the system, providing unauthorized access to sensitive operations that should be restricted.

Affected Version(s)

Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6

References

http://www.securityfocus.com/bid/103033
vdb-entryx_refsource_BID
http://seclists.org/fulldisclosure/2018/Mar/50
mailing-listx_refsource_FULLDISC
https://www.coresecurity.com/advisories/dell-emc-isilon-o...
x_refsource_MISC

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.