Dell EMC Isilon/OneFS RCE

    Type

  • Design Flaws

    • Severity

  • High

    • Affected products

  • Dell EMC Isilon/OneFS

    • CVE Reference

  • N/A
Timeline
2020-01-04Vulnerability discovered
2020-01-10Vendor informed, tracked as PSRC-9078
2020-01-27Vendor confirms
2020-02-09Vendor releases workaround
2020-04-24Public release

Description

Dell EMC Isilon / OneFS is a scale-out network-attached storage (NAS), driven by the OneFS operating system. 

In the default configuration the system supports NFS sharing. Due to a poorly mapped initial layout where the builtin admin user home directory is exposed via the default recommended /ifs share, and due to the inherent weaknesses in NFS where the system trusts the uid sent by the client, it is possible to modify contents in the home directory of the built-in admin user on the system. 

Impact

Attackers on the network can map the /ifs resource as uid 10, the admin user, add an SSH key in /ifs/home/admin/.ssh/authorized_keys, and subsequently log in and execute arbitrary code on the system in this context. From this initial foothold a range of actions such as accessing data, removing drives from the storage array or other destructive options are also possible.

Interim Workarounds

Review workaround strategies at https://www.dell.com/support/security/en-us/details/542721/DSA-2020-093-Dell-EMC-Isilon-OneFS-Security-Update-for-NFS-Configuration-Vulnerabilities