EMC Isilon OneFS up to 8.0.0.4/8.0.1.1 NFS Service 7pk security
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.9 | $5k-$25k | 0.04 |
A vulnerability was found in EMC Isilon OneFS up to 8.0.0.4/8.0.1.1. It has been declared as critical. This vulnerability affects an unknown functionality of the component NFS Service. The manipulation with an unknown input leads to a 7pk security vulnerability. The CWE definition for the vulnerability is CWE-254. As an impact it is known to affect confidentiality, integrity, and availability. CVE summarizes:
The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings (including the NFS export security flavor for authentication) that can be leveraged by current and future NFS exports. This NFS service contained a flaw that did not properly propagate changes made to the default security flavor to all new and existing NFS exports that are configured to use default NFS export settings and that are mounted after those changes are made. This flaw may potentially allow NFS clients to access affected NFS exports using the default and potentially weaker security flavor even if a more secure one was selected to be used by the OneFS administrator, aka an "NFS Export Security Setting Fallback Vulnerability."
The bug was discovered 12/18/2017. The weakness was published 12/20/2017 as not defined mailinglist post (Full-Disclosure). The advisory is shared for download at seclists.org. This vulnerability was named CVE-2017-14387 since 09/12/2017. The exploitation appears to be easy. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. There are neither technical details nor an exploit publicly available. The current price for an exploit might be approx. USD $5k-$25k (estimation calculated on 12/28/2019). The MITRE ATT&CK project declares the attack technique as T1211.
The vulnerability was handled as a non-public zero-day exploit for at least 2 days. During that time the estimated underground price was around $5k-$25k.
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
Product
Vendor
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.9VulDB Meta Temp Score: 6.9
VulDB Base Score: 7.3
VulDB Temp Score: 7.3
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 6.5
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
| unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: 7pk securityCWE: CWE-254
CAPEC: 🔍
ATT&CK: 🔍
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | unlock | unlock | unlock | unlock |
|---|---|---|---|---|
| Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: no mitigation knownStatus: 🔍
0-Day Time: 🔍
Timeline
09/12/2017 🔍12/18/2017 🔍
12/20/2017 🔍
12/20/2017 🔍
12/20/2017 🔍
12/21/2017 🔍
12/28/2019 🔍
Sources
Vendor: dellemc.comAdvisory: seclists.org
Status: Not defined
Confirmation: 🔍
CVE: CVE-2017-14387 (🔍)
SecurityFocus: 102292 - EMC Isilon OneFS CVE-2017-14387 Security Bypass Vulnerability
Entry
Created: 12/21/2017 08:16Updated: 12/28/2019 10:28
Changes: 12/21/2017 08:16 (59), 12/28/2019 10:28 (4)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.