CVE-2017-4979 - Vulnerability Details

Vendors	Products
Emc	Isilon Onefs

Link	Providers
http://www.securityfocus.com/archive/1/540551/30/0/threaded

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "EMC Isilon OneFS OneFS 8.0.1.0, OneFS 8.0.0.0 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, OneFS 7.2.0.x", "vendor": "n/a", "versions": [{"status": "affected", "version": "EMC Isilon OneFS OneFS 8.0.1.0, OneFS 8.0.0.0 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, OneFS 7.2.0.x"}]}], "datePublic": "2017-05-19T00:00:00", "descriptions": [{"lang": "en", "value": "EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, and OneFS 7.2.0.x is affected by an NFS export vulnerability. Under certain conditions, after upgrading a cluster from OneFS 7.1.1.x or earlier, users may have unexpected levels of access to some NFS exports."}], "problemTypes": [{"descriptions": [{"description": "NFS Export Upgrade Vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-05-19T14:57:01", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.securityfocus.com/archive/1/540551/30/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "ID": "CVE-2017-4979", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "EMC Isilon OneFS OneFS 8.0.1.0, OneFS 8.0.0.0 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, OneFS 7.2.0.x", "version": {"version_data": [{"version_value": "EMC Isilon OneFS OneFS 8.0.1.0, OneFS 8.0.0.0 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, OneFS 7.2.0.x"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, and OneFS 7.2.0.x is affected by an NFS export vulnerability. Under certain conditions, after upgrading a cluster from OneFS 7.1.1.x or earlier, users may have unexpected levels of access to some NFS exports."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "NFS Export Upgrade Vulnerability"}]}]}, "references": {"reference_data": [{"name": "http://www.securityfocus.com/archive/1/540551/30/0/threaded", "refsource": "CONFIRM", "url": "http://www.securityfocus.com/archive/1/540551/30/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T14:47:44.041Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/540551/30/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2017-4979", "datePublished": "2017-05-19T15:00:00", "dateReserved": "2016-12-29T00:00:00", "dateUpdated": "2024-08-05T14:47:44.041Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : EMC Isilon OneFS OneFS 8.0.1.0, OneFS 8.0.0.0 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, OneFS 7.2.0.x (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : EMC Isilon OneFS OneFS 8.0.1.0, OneFS 8.0.0.0 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, OneFS 7.2.0.x (string)

}

]

}

]

datePublic : 2017-05-19T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, and OneFS 7.2.0.x is affected by an NFS export vulnerability. Under certain conditions, after upgrading a cluster from OneFS 7.1.1.x or earlier, users may have unexpected levels of access to some NFS exports. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : NFS Export Upgrade Vulnerability (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-05-19T14:57:01 (string)

orgId : c550e75a-17ff-4988-97f0-544cde3820fe (string)

shortName : dell (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.securityfocus.com/archive/1/540551/30/0/threaded (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security_alert@emc.com (string)

ID : CVE-2017-4979 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : EMC Isilon OneFS OneFS 8.0.1.0, OneFS 8.0.0.0 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, OneFS 7.2.0.x (string)

version : { »

version_data : [ »

0 : { »

version_value : EMC Isilon OneFS OneFS 8.0.1.0, OneFS 8.0.0.0 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, OneFS 7.2.0.x (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, and OneFS 7.2.0.x is affected by an NFS export vulnerability. Under certain conditions, after upgrading a cluster from OneFS 7.1.1.x or earlier, users may have unexpected levels of access to some NFS exports. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : NFS Export Upgrade Vulnerability (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : http://www.securityfocus.com/archive/1/540551/30/0/threaded (string)

refsource : CONFIRM (string)

url : http://www.securityfocus.com/archive/1/540551/30/0/threaded (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T14:47:44.041Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.securityfocus.com/archive/1/540551/30/0/threaded (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : c550e75a-17ff-4988-97f0-544cde3820fe (string)

assignerShortName : dell (string)

cveId : CVE-2017-4979 (string)

datePublished : 2017-05-19T15:00:00 (string)

dateReserved : 2016-12-29T00:00:00 (string)

dateUpdated : 2024-08-05T14:47:44.041Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "0E8AF3E1-FE57-40B9-95DD-4E4C8EB578CB", "vulnerable": true}, {"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F551F88-3176-4E92-AE7A-FCAB3A220A45", "vulnerable": true}, {"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "26144325-6722-48C1-A0C2-BB78EF9BDE60", "vulnerable": true}, {"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "10B1B998-AEEE-4123-82F3-72D84EF681DC", "vulnerable": true}, {"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "0828B061-28B4-4AEE-BBB9-AF287B90713C", "vulnerable": true}, {"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "064C487D-517E-4F7B-A182-5DF287477652", "vulnerable": true}, {"criteria": "cpe:2.3:o:emc:isilon_onefs:7.2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "D1600B1F-C307-457B-BC84-73339A64DF8D", "vulnerable": true}, {"criteria": "cpe:2.3:o:emc:isilon_onefs:8.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AB53E775-7A57-41D2-A93D-5F96D72622D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:emc:isilon_onefs:8.0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A17F44A3-8C09-49EE-8545-51C57F36B801", "vulnerable": true}, {"criteria": "cpe:2.3:o:emc:isilon_onefs:8.0.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "DCE2CA2E-BFAD-4D87-BAAA-DA63C88F38D5", "vulnerable": true}, {"criteria": "cpe:2.3:o:emc:isilon_onefs:8.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F2B3BD02-4CA9-4D00-A5B5-F3EBB7DACDEF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, and OneFS 7.2.0.x is affected by an NFS export vulnerability. Under certain conditions, after upgrading a cluster from OneFS 7.1.1.x or earlier, users may have unexpected levels of access to some NFS exports."}, {"lang": "es", "value": "Isilon OneFS versi\u00f3n 8.0.1.0, OneFS versiones 8.0.0.0 - 8.0.0.2, OneFS versiones 7.2.1.0 - 7.2.1.3 y OneFS versiones 7.2.0.x de EMC, est\u00e1n afectadas por una vulnerabilidad de exportaci\u00f3n de NFS. Bajo ciertas condiciones, despu\u00e9s de actualizar un cl\u00faster desde OneFS versi\u00f3n 7.1.1.x o anteriores, los usuarios pueden tener niveles inesperados de acceso a algunas exportaciones de NFS."}], "id": "CVE-2017-4979", "lastModified": "2025-04-20T01:37:25.860", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-19T15:29:00.257", "references": [{"source": "security_alert@emc.com", "tags": ["Mitigation", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/540551/30/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/540551/30/0/threaded"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:emc:isilon_onefs:7.2.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 0E8AF3E1-FE57-40B9-95DD-4E4C8EB578CB (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:emc:isilon_onefs:7.2.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 7F551F88-3176-4E92-AE7A-FCAB3A220A45 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:emc:isilon_onefs:7.2.0.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 26144325-6722-48C1-A0C2-BB78EF9BDE60 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:emc:isilon_onefs:7.2.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 10B1B998-AEEE-4123-82F3-72D84EF681DC (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:emc:isilon_onefs:7.2.1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 0828B061-28B4-4AEE-BBB9-AF287B90713C (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:emc:isilon_onefs:7.2.1.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 064C487D-517E-4F7B-A182-5DF287477652 (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:emc:isilon_onefs:7.2.1.3:*:*:*:*:*:*:* (string)

matchCriteriaId : D1600B1F-C307-457B-BC84-73339A64DF8D (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:o:emc:isilon_onefs:8.0.0.0:*:*:*:*:*:*:* (string)

matchCriteriaId : AB53E775-7A57-41D2-A93D-5F96D72622D1 (string)

vulnerable : true (boolean)

}

8 : { »

criteria : cpe:2.3:o:emc:isilon_onefs:8.0.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : A17F44A3-8C09-49EE-8545-51C57F36B801 (string)

vulnerable : true (boolean)

}

9 : { »

criteria : cpe:2.3:o:emc:isilon_onefs:8.0.0.2:*:*:*:*:*:*:* (string)

matchCriteriaId : DCE2CA2E-BFAD-4D87-BAAA-DA63C88F38D5 (string)

vulnerable : true (boolean)

}

10 : { »

criteria : cpe:2.3:o:emc:isilon_onefs:8.0.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : F2B3BD02-4CA9-4D00-A5B5-F3EBB7DACDEF (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, and OneFS 7.2.0.x is affected by an NFS export vulnerability. Under certain conditions, after upgrading a cluster from OneFS 7.1.1.x or earlier, users may have unexpected levels of access to some NFS exports. (string)

}

1 : { »

lang : es (string)

value : Isilon OneFS versión 8.0.1.0, OneFS versiones 8.0.0.0 - 8.0.0.2, OneFS versiones 7.2.1.0 - 7.2.1.3 y OneFS versiones 7.2.0.x de EMC, están afectadas por una vulnerabilidad de exportación de NFS. Bajo ciertas condiciones, después de actualizar un clúster desde OneFS versión 7.1.1.x o anteriores, los usuarios pueden tener niveles inesperados de acceso a algunas exportaciones de NFS. (string)

}

]

id : CVE-2017-4979 (string)

lastModified : 2025-04-20T01:37:25.860 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : HIGH (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : PARTIAL (string)

baseScore : 4.6 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:H/Au:S/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : HIGH (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 7.1 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 1.2 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2017-05-19T15:29:00.257 (string)

references : [ »

0 : { »

source : security_alert@emc.com (string)

tags : [ »

0 : Mitigation (string)

1 : Third Party Advisory (string)

2 : VDB Entry (string)

]

url : http://www.securityfocus.com/archive/1/540551/30/0/threaded (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mitigation (string)

1 : Third Party Advisory (string)

2 : VDB Entry (string)

]

url : http://www.securityfocus.com/archive/1/540551/30/0/threaded (string)

}

]

sourceIdentifier : security_alert@emc.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-noinfo (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity High

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity High

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object