Vulnerabilities > EMC > Isilon Onefs

DATE CVE VULNERABILITY TITLE RISK
2016-05-30 CVE-2016-0907 7PK - Security Features vulnerability in EMC Isilon Onefs and Isilonsd Edge Onefs
EMC Isilon OneFS 7.1.x and 7.2.x before 7.2.1.3 and 8.0.x before 8.0.0.1, and IsilonSD Edge OneFS 8.0.x before 8.0.0.1, does not require SMB signing within a DCERPC session over ncacn_np, which allows man-in-the-middle attackers to spoof SMB clients by modifying the client-server data stream, a similar issue to CVE-2016-2115.
network
emc CWE-254
4.3
2015-12-21 CVE-2015-4545 Permissions, Privileges, and Access Controls vulnerability in EMC Isilon Onefs
EMC Isilon OneFS 7.1 before 7.1.1.8, 7.2.0 before 7.2.0.4, and 7.2.1 before 7.2.1.1 allows remote authenticated administrators to bypass a SmartLock root-login restriction by creating a root account and establishing a login session.
network
low complexity
emc CWE-264
critical
9.0
2015-11-27 CVE-2015-6848 Improper Access Control vulnerability in EMC Isilon Onefs
EMC Isilon OneFS 7.1.x before 7.1.1.5, 7.2.0.x before 7.2.0.3, and 7.2.1.x before 7.2.1.1, when the RFC 2307 feature is configured but SFU is not universally present, allows remote authenticated AD users to obtain root privileges via unspecified vectors.
network
emc CWE-284
8.5
2015-07-04 CVE-2015-4525 Command Injection vulnerability in EMC Isilon Onefs
The log-gather implementation in the web administration interface in EMC Isilon OneFS 6.5.x.x through 7.1.1.x before 7.1.1.5 and 7.2.0.x before 7.2.0.2 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors.
network
low complexity
emc CWE-77
critical
9.0
2015-03-29 CVE-2015-0528 Permissions, Privileges, and Access Controls vulnerability in EMC Isilon Onefs
The RPC daemon in EMC Isilon OneFS 6.5.x and 7.0.x before 7.0.2.13, 7.1.0 before 7.1.0.6, 7.1.1 before 7.1.1.2, and 7.2.0 before 7.2.0.1 allows local users to gain privileges by leveraging an ability to modify system files.
local
low complexity
emc CWE-264
7.2