Cross-Site Request Forgery in Dell EMC Isilon OneFS
CVE-2018-1213

8.8HIGH

Key Information:

Vendor

Dell
Status
Isilon Onefs
Vendor
CVE Published:
26 March 2018

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2018-1213?

Dell EMC Isilon OneFS is affected by a cross-site request forgery vulnerability, enabling malicious actors to send unauthorized requests to the server impersonating authenticated users. This vulnerability spans several versions of OneFS, potentially exposing users to significant risks if not addressed promptly.

Affected Version(s)

Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, version 7.1.1.11 and 8.1.0.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2018-1213 - Proof of Concept

References

http://www.securityfocus.com/bid/103033
vdb-entryx_refsource_BID
http://seclists.org/fulldisclosure/2018/Mar/50
mailing-listx_refsource_FULLDISC
https://www.coresecurity.com/advisories/dell-emc-isilon-o...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.