CVE-2018-1202

MEDIUM

Dell EMC Isilon 7.1.1.11, 8.0.0.0-8.0.0.6, 8.0.1.0-8.0.1.2, 8.1.0.0-8.1.0.1 - Cross-Site Scripting in NDMP Page

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-1202. PoCs published by Core Security.

AI-analyzed exploit summary: The exploit demonstrates a CSRF vulnerability (CVE-2018-1213) in Dell EMC Isilon OneFS, allowing an attacker to create a privileged user via a crafted HTML form. It also includes a local privilege escalation (CVE-2018-1203) via sudo misconfiguration with tcpdump.

Description

Dell EMC Isilon versions 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and version 7.1.1.11, are affected by a cross-site scripting vulnerability in the NDMP Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Core Security · text · webapps · linux
https://www.exploit-db.com/exploits/44039


Classification: Working PoC 100%
Attack Type: RCE | LPE
Complexity: Moderate
Reliability: Reliable
Target: Dell EMC Isilon OneFS (versions 7.1.1.11, 7.2.1.x, 8.0.0.0-8.0.1.2, 8.1.0.0-8.1.1.0)
Auth required
Prerequisites: Authenticated user session for CSRF · Local access for privilege escalation
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/103033
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/Mar/50
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44039/

Scores

CVSS v3 4.8
EPSS 0.0221
EPSS Percentile 80.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (2)
dell/emc_isilon 7.1.1.11
dell/emc_isilon 8.0.0.0 - 8.0.0.6
Published Mar 26, 2018
Tracked Since Feb 18, 2026