Lucene search

[email protected]NVD:CVE-2018-1203

HistoryMar 26, 2018 - 6:29 p.m.

CVE-2018-1203

2018-03-2618:29:01

CWE-732

[email protected]

web.nvd.nist.gov

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

41.3%

JSON

In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges. In versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, the tcpdump binary, being run with sudo, may potentially be used by compadmin to execute arbitrary code with root privileges.

Affected configurations

Nvd

Node

dellemc_isilon_onefsRange8.0.0.0–8.0.0.6

dellemc_isilon_onefsRange8.0.1.0–8.0.1.2

dellemc_isilon_onefsRange8.1.0.0–8.1.0.1

References

seclists.org/fulldisclosure/2018/Mar/50

www.securityfocus.com/bid/103033

www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities

www.exploit-db.com/exploits/44039/

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

41.3%

JSON

Related for NVD:CVE-2018-1203

cvelist1 prion1 cve1 zdt1 packetstorm1 exploitpack1 coresecurity1 exploitdb1