CVE-2018-1203
MEDIUMDell Emc Isilon Onefs < 8.0.0.6 - Incorrect Permission Assignment
Title source: ruleDescription
In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges. In versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, the tcpdump binary, being run with sudo, may potentially be used by compadmin to execute arbitrary code with root privileges.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Core Security · textwebappslinux
https://www.exploit-db.com/exploits/44039
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/103033
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/Mar/50
Exploit, Third Party Advisory x_refsource_misc
https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/44039/
Scores
CVSS v3
6.7
EPSS
0.0108
EPSS Percentile
78.0%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-732
Status
published
Products (1)
dell/emc_isilon_onefs
8.0.0.0 - 8.0.0.6
Published
Mar 26, 2018
Tracked Since
Feb 18, 2026