IBM Storwize V7000 Unified ACL Security Bypass

Low Nessus Plugin ID 85707


The remote host is affected by an ACL security bypass vulnerability.


The remote IBM Storwize device is affected by an ACL security bypass vulnerability due to a race condition in the Active Cloud Engine (ACE) component caused by an error in NFS packet retransmission in response to noisy or slow responding networks. An authenticated, remote attacker can exploit this to bypass intended ACL restrictions in opportunistic circumstances by leveraging incorrect ACL synchronization over an unreliable NFS connection that requires retransmissions.


Upgrade to IBM Storwize version or later.

See Also

Plugin Details

Severity: Low

ID: 85707

File Name: ibm_storwize_cve_2014_0875.nasl

Version: $Revision: 1.2 $

Type: combined

Family: Misc.

Published: 2015/08/31

Modified: 2015/09/01

Dependencies: 80963

Risk Information

Risk Factor: Low


Base Score: 3.5

Temporal Score: 3

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/h:ibm:storwize_unified_v7000, cpe:/a:ibm:storwize_unified_v7000_software

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/07/02

Vulnerability Publication Date: 2014/07/02

Reference Information

CVE: CVE-2014-0875

BID: 68398

OSVDB: 108725