PT-2016-4461 · Emc · Isilonsd Edge Onefs+1

Published

2016-05-30

Updated

2017-08-08

CVE-2016-0907

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions EMC Isilon OneFS versions 7.1.x through 7.2.x before 7.2.1.3 EMC Isilon OneFS versions 8.0.x before 8.0.0.1 IsilonSD Edge OneFS versions 8.0.x before 8.0.0.1

Description The issue allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream because it does not require SMB signing within a DCERPC session over ncacn np.

Recommendations For EMC Isilon OneFS versions 7.1.x through 7.2.x before 7.2.1.3, update to version 7.2.1.3 or later. For EMC Isilon OneFS versions 8.0.x before 8.0.0.1, update to version 8.0.0.1 or later. For IsilonSD Edge OneFS versions 8.0.x before 8.0.0.1, update to version 8.0.0.1 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-254

Related Identifiers

CVE-2016-0907

Affected Products

Emc Isilon Onefs

Isilonsd Edge Onefs

PT-2016-4461 · Emc · Isilonsd Edge Onefs+1

CVE-2016-0907

Weakness Enumeration

Related Identifiers

Affected Products

References · 3