CVE-2017-14380

EUVD-2017-5883
In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, 7.2.1.0 - 7.2.1.5, 7.2.0.x, and 7.1.1.x, a malicious compliance admin (compadmin) account user could exploit a vulnerability in isi_get_itrace or isi_get_profile maintenance scripts to run any shell script as system root on a cluster in compliance mode. This could potentially lead to an elevation of privilege for the compadmin user and violate compliance mode.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
Affected Products (NVD)
VendorProductVersion
emcisilon_onefs
7.1.1.0
emcisilon_onefs
7.1.1.1
emcisilon_onefs
7.1.1.2
emcisilon_onefs
7.1.1.3
emcisilon_onefs
7.1.1.4
emcisilon_onefs
7.1.1.5
emcisilon_onefs
7.2.0.0
emcisilon_onefs
7.2.0.1
emcisilon_onefs
7.2.0.2
emcisilon_onefs
7.2.0.3
emcisilon_onefs
7.2.0.4
emcisilon_onefs
7.2.0.5
emcisilon_onefs
7.2.1.0
emcisilon_onefs
7.2.1.1
emcisilon_onefs
7.2.1.2
emcisilon_onefs
7.2.1.3
emcisilon_onefs
7.2.1.4
emcisilon_onefs
7.2.1.5
emcisilon_onefs
8.0.0.0
emcisilon_onefs
8.0.0.1
emcisilon_onefs
8.0.0.2
emcisilon_onefs
8.0.0.3
emcisilon_onefs
8.0.0.4
emcisilon_onefs
8.0.1.0
emcisilon_onefs
8.0.1.1
emcisilon_onefs
8.1.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://seclists.org/fulldisclosure/2017/Dec/41
http://www.securityfocus.com/bid/102210
http://seclists.org/fulldisclosure/2017/Dec/41
http://www.securityfocus.com/bid/102210