Path Traversal Vulnerability in Dell EMC Isilon OneFS Product
CVE-2018-1204

6.7MEDIUM

Key Information:

Vendor
Dell
Status
Isilon Onefs
Vendor
CVE Published:
26 March 2018

Summary

The Isilon OneFS product from Dell EMC is susceptible to a path traversal vulnerability within the isi_phone_home tool, allowing an authenticated attacker with administrative privileges to potentially execute arbitrary code. Exploitation of this vulnerability could lead to unauthorized access and complete control over the system, underscoring the importance of timely patching and robust security practices.

Affected Version(s)

Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6, versions 7.2.1.x and version 7.1.1.11

References

http://www.securityfocus.com/bid/103033
vdb-entryx_refsource_BID
http://seclists.org/fulldisclosure/2018/Mar/50
mailing-listx_refsource_FULLDISC
https://www.coresecurity.com/advisories/dell-emc-isilon-o...
x_refsource_MISC

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.