CVE-2017-14380

In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode. This could potentially lead to an elevation of privilege for the compadmin user and violate compliance mode.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
dellCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
VendorProductVersion
emcisilon_onefs
7.1.1.0
emcisilon_onefs
7.1.1.1
emcisilon_onefs
7.1.1.2
emcisilon_onefs
7.1.1.3
emcisilon_onefs
7.1.1.4
emcisilon_onefs
7.1.1.5
emcisilon_onefs
7.2.0.0
emcisilon_onefs
7.2.0.1
emcisilon_onefs
7.2.0.2
emcisilon_onefs
7.2.0.3
emcisilon_onefs
7.2.0.4
emcisilon_onefs
7.2.0.5
emcisilon_onefs
7.2.1.0
emcisilon_onefs
7.2.1.1
emcisilon_onefs
7.2.1.2
emcisilon_onefs
7.2.1.3
emcisilon_onefs
7.2.1.4
emcisilon_onefs
7.2.1.5
emcisilon_onefs
8.0.0.0
emcisilon_onefs
8.0.0.1
emcisilon_onefs
8.0.0.2
emcisilon_onefs
8.0.0.3
emcisilon_onefs
8.0.0.4
emcisilon_onefs
8.0.1.0
emcisilon_onefs
8.0.1.1
emcisilon_onefs
8.1.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2017/Dec/41
http://www.securityfocus.com/bid/102210
http://seclists.org/fulldisclosure/2017/Dec/41
http://www.securityfocus.com/bid/102210