Dell EMC Isilon/OneFS RCE
- Published: 24 Apr 2020
- 2020-01-04: Vulnerability discovered
- 2020-01-10: Vendor informed, tracked as PSRC-9078
- 2020-01-27: Vendor confirms
- 2020-02-09: Vendor releases workaround
- 2020-04-24: Public release
Dell EMC Isilon / OneFS is a scale-out network-attached storage (NAS) platform driven by the OneFS operating system.
In the default configuration, the system supports NFS sharing. The initial layout is poorly mapped: the built-in admin user's home directory is exposed via the default recommended /ifs share. Combined with the inherent weakness in NFS whereby the system trusts the uid sent by the client, this makes it possible to modify the contents of the built-in admin user's home directory on the system.
Attackers on the network can map the /ifs resource as uid 10, the admin user, add an SSH key in /ifs/home/admin/.ssh/authorized_keys, and subsequently log in and execute arbitrary code on the system in this context. From this initial foothold, a range of further actions is possible, such as accessing data, removing drives from the storage array, or other destructive options.
Review workaround strategies at https://www.dell.com/support/security/en-us/details/542721/DSA-2020-093-Dell-EMC-Isilon-OneFS-Security-Update-for-NFS-Configuration-Vulnerabilities
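
An export audit for the exposure described above, as an added example that is not part of the original advisory or Dell's tooling: it parses `showmount -e` style output and reports every export that reaches the admin user's authorized_keys file. The sample output, hostname and networks are constructed, and treating an export with no client list as unrestricted is an assumption.

```python
import posixpath

# Path from the advisory; exports at or above it expose the admin's SSH keys.
TARGET = "/ifs/home/admin/.ssh/authorized_keys"
OPEN_CLIENTS = {"*", "(everyone)", "everyone"}

# Constructed sample of `showmount -e <host>` output (hostname and networks are made up).
SAMPLE = """\
Export list for nas01.example.test:
/ifs                 *
/ifs/data/projects   10.20.0.0/24,10.20.1.15
/ifs/home            10.20.0.0/24
/ifs/homework        (everyone)
"""

def parse_exports(text):
    """Return [(path, [clients])] from showmount -e style output."""
    exports = []
    for line in text.splitlines():
        fields = line.split(None, 1)
        if not fields or not fields[0].startswith("/"):
            continue  # skip the header and blank lines
        # Assumption: an export listed without clients is unrestricted.
        clients = fields[1].split(",") if len(fields) > 1 else ["*"]
        exports.append((posixpath.normpath(fields[0]), [c.strip() for c in clients]))
    return exports

def covers(export_path, target):
    """True if target is the export root or lies beneath it (whole path components)."""
    root = export_path.rstrip("/")
    return target == export_path or target.startswith(root + "/")

def audit(text, target=TARGET):
    """Return [(path, exposure)] for every export that reaches target."""
    findings = []
    for path, clients in parse_exports(text):
        if not covers(path, target):
            continue
        # "restricted" still trusts the uid asserted by each listed client.
        exposure = "any-client" if OPEN_CLIENTS & set(clients) else "restricted"
        findings.append((path, exposure))
    return findings

if __name__ == "__main__":
    for path, exposure in audit(SAMPLE):
        print(f"{path}: reaches {TARGET} ({exposure})")
```

A "restricted" finding narrows who can mount the export, but each listed client still supplies its own uid, so the admin home directory should not be reachable through any export.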