CVE-2016-9870

moderate-risk
Published 2017-01-23

EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, and EMC Isilon OneFS 7.1.0.x is affected by an LDAP injection vulnerability that could potentially be exploited by a malicious user to compromise the system.

Do I need to act?

-
0.07% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.7/10 Medium
LOCAL / LOW complexity

Affected Products (20)

Isilon Onefs
Isilon Onefs
Isilon Onefs
Isilon Onefs
Isilon Onefs
Isilon Onefs
Isilon Onefs
Isilon Onefs
Isilon Onefs
Isilon Onefs
Isilon Onefs
Isilon Onefs
Isilon Onefs
Isilon Onefs
Isilon Onefs
Isilon Onefs
Isilon Onefs
Isilon Onefs
Isilon Onefs
Isilon Onefs

Affected Vendors

Emc

References (4)

Mitigation http://www.securityfocus.com/archive/1/540020/30/0/threaded
http://www.securityfocus.com/bid/95626
Mitigation http://www.securityfocus.com/archive/1/540020/30/0/threaded
http://www.securityfocus.com/bid/95626
42
/ 100
moderate-risk
Severity 21/34 · High
Exploitability 0/34 · Minimal
Exposure 21/34 · High