IBM Storwize V7000 Unified ACL Security Bypass

low Nessus Plugin ID 85707

Synopsis

The remote host is affected by an ACL security bypass vulnerability.

Description

The remote IBM Storwize device is affected by an ACL security bypass vulnerability caused by a race condition in the Active Cloud Engine (ACE) component. The race condition results from an error in NFS packet retransmission in response to noisy or slow-responding networks. An authenticated, remote attacker can exploit this to bypass intended ACL restrictions in opportunistic circumstances by leveraging incorrect ACL synchronization over an unreliable NFS connection that requires retransmissions.

Solution

Upgrade to IBM Storwize version 1.5.0.0 or later.

See Also

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004738

Plugin Details

Severity: Low

ID: 85707

File Name: ibm_storwize_cve_2014_0875.nasl

Version: 1.3

Type: combined

Family: Misc.

Published: 8/31/2015

Updated: 7/12/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.7

CVSS v2

Risk Factor: Low

Base Score: 3.5

Temporal Score: 2.6

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/h:ibm:storwize_unified_v7000, cpe:/a:ibm:storwize_unified_v7000_software

Exploit Ease: No known exploits are available

Patch Publication Date: 7/2/2014

Vulnerability Publication Date: 7/2/2014

Reference Information

CVE: CVE-2014-0875

BID: 68398