CVE-2010-2860

EMC Celerra Network Attached Storage - Unauthenticated Arbitrary File Access via NFS Requests

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2860. PoCs published by Trustwave's SpiderLabs.

AI-analyzed exploit summary This advisory details an unauthorized access vulnerability in EMC Celerra NAS appliances due to improper NFS export restrictions. Attackers can spoof authorized IP addresses to mount the root filesystem and gain full access.

Description

The EMC Celerra Network Attached Storage (NAS) appliance accepts external network traffic to IP addresses intended for an intranet network within the appliance, which allows remote attackers to read, create, or modify arbitrary files in the user data directory via NFS requests.

Exploits (1)

exploitdb WRITEUP

by Trustwave's SpiderLabs · textremotehardware

https://www.exploit-db.com/exploits/14536

View Code ZIP pw:eip

This advisory details an unauthorized access vulnerability in EMC Celerra NAS appliances due to improper NFS export restrictions. Attackers can spoof authorized IP addresses to mount the root filesystem and gain full access.

Classification

Writeup 100%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: EMC Celerra Unified Storage products (all versions)

No auth needed

Prerequisites: Network access to the target Celerra appliance · Ability to spoof IP addresses or control local subnet routing

MITRE ATT&CK