Main Vulnerability Database SB2022110236

SB2022110236 - Security features in Dell EMC Isilon OneFS

Published: November 2, 2022

Security Bulletin ID SB2022110236

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Security Features (CVE-ID: CVE-2019-11331)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Network Time Protocol (NTP), as specified in RFC 5905, uses port 123 even for modes where a fixed port number is not required, which makes it easier for remote attackers to conduct off-path attacks.

Remediation

Install update from vendor's website.

References

https://www.dell.com/support/kbdoc/en-us/000153845/dsa-2020-045-dell-emc-isilon-onefs-security-update-for-ntp-vulnerability