IBM Storwize V7000 Unified ACL Security Bypass
Low Nessus Plugin ID 85707
Synopsis
The remote host is affected by an ACL security bypass vulnerability.

Description
The remote IBM Storwize device is affected by an ACL security bypass vulnerability due to a race condition in the Active Cloud Engine (ACE) component caused by an error in NFS packet retransmission in response to noisy or slow-responding networks. An authenticated, remote attacker can exploit this to bypass intended ACL restrictions in opportunistic circumstances by leveraging incorrect ACL synchronization over an unreliable NFS connection that requires retransmissions.

Solution
Upgrade to IBM Storwize version 188.8.131.52 or later.