Dell EMC Isilon/OneFS RCE

Product: Dell EMC Isilon/OneFS
Severity: High
CVE Reference: N/A
Type: Design Flaws

Description

Dell EMC Isilon / OneFS is a scale-out network-attached storage (NAS) platform driven by the OneFS operating system.

In the default configuration the system supports NFS sharing. The initial layout is poorly mapped: the home directory of the built-in admin user is exposed via the default recommended /ifs share. Combined with the inherent weakness of NFS, where the system trusts the uid sent by the client, this makes it possible to modify the contents of the built-in admin user's home directory.

Impact

Attackers on the network can map the /ifs resource as uid 10, the admin user, add an SSH key to /ifs/home/admin/.ssh/authorized_keys, and subsequently log in and execute arbitrary code on the system in this context. From this initial foothold, a range of actions such as accessing data, removing drives from the storage array, or other destructive options are also possible.

Interim Workarounds

Review workaround strategies at https://www.dell.com/support/security/en-us/details/542721/DSA-2020-093-Dell-EMC-Isilon-OneFS-Security-Update-for-NFS-Configuration-Vulnerabilities
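
As an added example (not from the advisory or from Dell), the following audits the text of /ifs/home/admin/.ssh/authorized_keys against an allowlist of approved key fingerprints, so an entry written over NFS stands out. The allowlist approach, all function names and the sample input are assumptions of this example; the sample key blobs are constructed and non-functional.

```python
import base64, hashlib, re, struct

# Matches "<keytype> <base64 blob>"; any options before the key type are skipped.
KEY_RE = re.compile(r"(?:^|\s)((?:ssh-|ecdsa-sha2-|sk-)\S+)\s+([A-Za-z0-9+/]+={0,2})")

def fingerprint(blob):
    """SHA256 fingerprint in the form printed by `ssh-keygen -l`."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_keys(text):
    """Return (lineno, keytype, fingerprint) per entry; (lineno, None, None) if malformed."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        entry = (lineno, None, None)
        for m in KEY_RE.finditer(line):
            try:
                blob = base64.b64decode(m.group(2), validate=True)
            except ValueError:
                continue
            # A public key blob begins with a length-prefixed copy of its key type.
            n = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else 0
            if blob[4:4 + n] == m.group(1).encode():
                entry = (lineno, m.group(1), fingerprint(blob))
                break
        entries.append(entry)
    return entries

def unexpected_keys(text, approved):
    """Entries whose fingerprint is not in the approved set (malformed lines included)."""
    return [e for e in parse_keys(text) if e[2] not in approved]

def constructed_key(fill):
    """Constructed, non-functional ed25519-shaped blob for the sample input below."""
    kt = b"ssh-ed25519"
    blob = struct.pack(">I", len(kt)) + kt + struct.pack(">I", 32) + bytes([fill]) * 32
    return blob, base64.b64encode(blob).decode()

def demo():
    (known, known_b64), (_, other_b64) = constructed_key(1), constructed_key(2)
    sample = (f"# constructed sample\nssh-ed25519 {known_b64} storage-admin\n"
              f'from="192.0.2.10" ssh-ed25519 {other_b64} unknown\nssh-rsa not-a-key x\n')
    return unexpected_keys(sample, {fingerprint(known)})

if __name__ == "__main__":
    for lineno, keytype, fp in demo():
        print(f"line {lineno}: {keytype or 'malformed'} {fp or ''}")
```

In practice, pass the real file's text and the fingerprints of the keys administrators actually provisioned to `unexpected_keys`; any returned entry warrants review.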

Detailed Timeline

Date        Summary
2020-01-04  Vulnerability discovered
2020-01-10  Vendor informed, tracked as PSRC-9078
2020-01-27  Vendor confirms
2020-02-09  Vendor releases workaround
2020-04-24  Public release