CVE-2018-1213

HIGH

Dell EMC Isilon OneFS CSRF (7.1.1.11, 7.2.1.0-7.2.1.5, 8.0.0.0-8.0.0.6, 8.0.1.0-8.0.1.2, 8.1.0.0-8.1.0.2)

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-1213. PoCs published by Core Security.

AI-analyzed exploit summary The exploit demonstrates a CSRF vulnerability (CVE-2018-1213) in Dell EMC Isilon OneFS, allowing an attacker to create a privileged user via a crafted HTML form. It also includes a local privilege escalation (CVE-2018-1203) via sudo misconfiguration with tcpdump.

Description

Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 is affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized requests to the server on behalf of authenticated users of the application.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Core Security · textwebappslinux

https://www.exploit-db.com/exploits/44039

View Code ZIP pw:eip

The exploit demonstrates a CSRF vulnerability (CVE-2018-1213) in Dell EMC Isilon OneFS, allowing an attacker to create a privileged user via a crafted HTML form. It also includes a local privilege escalation (CVE-2018-1203) via sudo misconfiguration with tcpdump.

Classification

Working Poc 100%

Attack Type

Rce | Lpe

Complexity

Moderate

Reliability

Reliable

Target: Dell EMC Isilon OneFS (versions 7.1.1.11, 7.2.1.x, 8.0.0.0-8.0.1.2, 8.1.0.0-8.1.1.0)

Auth required

Prerequisites: Authenticated user session for CSRF · Local access for privilege escalation

MITRE ATT&CK

T1189 - Drive-by Compromise T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/103033

Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2018/Mar/50

Exploit, Third Party Advisory x_refsource_misc

https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/44039/

Scores

CVSS v3 8.8

EPSS 0.0201

EPSS Percentile 78.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-352

Status published

Products (3)

dell/emc_isilon_onefs 7.1.1.11

dell/emc_isilon_onefs 8.1.0.2

dell/emc_isilon_onefs 7.2.1.0 - 7.2.1.6

Published Mar 26, 2018

Tracked Since Feb 18, 2026