PT-2015-3216 · Emc · Isilon Onefs

Published

2015-12-21

Updated

2016-11-28

CVE-2015-4545

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions EMC Isilon OneFS versions 7.1 before 7.1.1.8 EMC Isilon OneFS versions 7.2.0 before 7.2.0.4 EMC Isilon OneFS versions 7.2.1 before 7.2.1.1

Description The issue is related to insufficient access control in the Isilon OneFS operating system. It allows remote authenticated administrators to bypass a SmartLock root-login restriction. This can be achieved by creating a root account and establishing a login session.

Recommendations For versions 7.1 before 7.1.1.8, update to version 7.1.1.8 or later. For versions 7.2.0 before 7.2.0.4, update to version 7.2.0.4 or later. For versions 7.2.1 before 7.2.1.1, update to version 7.2.1.1 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

BDU:2016-00962

CVE-2015-4545

Affected Products

Isilon Onefs

PT-2015-3216 · Emc · Isilon Onefs

CVE-2015-4545

Weakness Enumeration

Related Identifiers

Affected Products

References · 4