IBM Storwize V7000 Unified ACL Security Bypass

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by an ACL security bypass vulnerability.

Description :

The remote IBM Storwize device is affected by an ACL security bypass
vulnerability due to a race condition in the Active Cloud Engine (ACE)
component. The race is caused by an error in NFS packet retransmission
in response to noisy or slow-responding networks. An authenticated,
remote attacker can exploit this to bypass intended ACL restrictions
in opportunistic circumstances by leveraging incorrect ACL
synchronization over an unreliable NFS connection that requires
retransmissions.

See also :

http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004738

Solution :

Upgrade to IBM Storwize version 1.5.0.0 or later.

Risk factor :

Low / CVSS Base Score : 3.5
(CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N)
CVSS Temporal Score : 3.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 85707

Bugtraq ID: 68398

CVE ID: CVE-2014-0875
