Dell EMC Isilon OneFS Multiple Security Vulnerabilities



Dell EMC Isilon OneFS is prone to the following multiple security vulnerabilities.
1. A cross-site request-forgery vulnerability
2. A local privilege escalation vulnerability
3. A remote privilege escalation vulnerability
4. Multiple HTML-injection vulnerabilities

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user or to gain elevated root privileges and perform certain unauthorized actions and gain access to the affected application.

Information

Bugtraq ID: 103033
Class: Design Error
CVE: CVE-2018-1213
CVE-2018-1203
CVE-2018-1204
CVE-2018-1186
CVE-2018-1187
CVE-2018-1188
CVE-2018-1189
CVE-2018-1201
CVE-2018-1202

Remote: Yes
Local: Yes
Published: Feb 14 2018 12:00AM
Updated: Feb 14 2018 12:00AM
Credit: Ivan Huertas and Maximiliano Vidal from Core Security Consulting Services.
Vulnerable: Dell EMC Isilon OneFS 8.1.1.0
Dell EMC Isilon OneFS 8.1.0.1
Dell EMC Isilon OneFS 8.1.0.0
Dell EMC Isilon OneFS 8.0.1.2
Dell EMC Isilon OneFS 8.0.1.0
Dell EMC Isilon OneFS 8.0.0.6
Dell EMC Isilon OneFS 8.0.0.0
Dell EMC Isilon OneFS 7.2.1.0
Dell EMC Isilon OneFS 7.1.1.11


Not Vulnerable:

Exploit


The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.


Related Posts