CVE-2017-14387
CVE-2017-14387 is a medium-severity vulnerability in Emc Isilon Onefs with a CVSS 3.x base score of 6.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 3.x base score 6.5)
- CVSS v2: 6.4
- EPSS exploit prediction: 1% (56th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Emc Isilon Onefs
- Published:
- Last modified:
Description
The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings (including the NFS export security flavor for authentication) that can be leveraged by current and future NFS exports. This NFS service contained a flaw that did not properly propagate changes made to the default security flavor to all new and existing NFS exports that are configured to use default NFS export settings and that are mounted after those changes are made. This flaw may potentially allow NFS clients to access affected NFS exports using the default and potentially weaker security flavor even if a more secure one was selected to be used by the OneFS administrator, aka an "NFS Export Security Setting Fallback Vulnerability."
Frequently asked questions
- What is CVE-2017-14387?
- The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings (including the NFS export security flavor for authentication) that can be leveraged by current and future NFS exports. This NFS service contained a flaw that did not properly propagate changes made to the default security flavor to all new and existing NFS exports that are configured to use default NFS export settings and that are mounted after those changes are made. This flaw may potentially allow NFS clients to access affected NFS exports using the default and potentially weaker security flavor even if a more secure one was selected to be used by the OneFS administrator, aka an "NFS Export Security Setting Fallback Vulnerability."
- How severe is CVE-2017-14387?
- CVE-2017-14387 has a CVSS 3.x base score of 6.5, rated medium severity. It is exploitable over network with low attack complexity, requires no privileges and no user interaction. Impact on confidentiality is low, integrity low, and availability none.
- Is CVE-2017-14387 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (56th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2017-14387?
- CVE-2017-14387 primarily affects Emc Isilon Onefs. In total, 8 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2017-14387?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2017-14387 published?
- CVE-2017-14387 was published on 2017-12-20 and last updated on 2026-06-17.
References
Affected products (8)
- cpe:2.3:o:emc:isilon_onefs:8.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:o:emc:isilon_onefs:8.0.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:emc:isilon_onefs:8.0.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:emc:isilon_onefs:8.0.0.3:*:*:*:*:*:*:*
- cpe:2.3:o:emc:isilon_onefs:8.0.0.4:*:*:*:*:*:*:*
- cpe:2.3:o:emc:isilon_onefs:8.0.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:emc:isilon_onefs:8.0.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:emc:isilon_onefs:8.1.0.0:*:*:*:*:*:*:*
More vulnerabilities in Emc Isilon Onefs
- CVE-2015-4525 — Critical (CVSS 9.0): The log-gather implementation in the web administration interface in EMC Isilon OneFS 6.5.x.x through 7.1.1.x before…
- CVE-2015-6848 — High (CVSS 8.5): EMC Isilon OneFS 7.1.x before 7.1.1.5, 7.2.0.x before 7.2.0.3, and 7.2.1.x before 7.2.1.1, when the RFC 2307 feature is…
- CVE-2015-4545 — High (CVSS 8.0): EMC Isilon OneFS 7.1 before 7.1.1.8, 7.2.0 before 7.2.0.4, and 7.2.1 before 7.2.1.1 allows remote authenticated…
- CVE-2018-11071 — High (CVSS 7.5): Dell EMC Isilon OneFS versions 7.1.1.x, 7.2.1.x, 8.0.0.x, 8.0.1.x, 8.1.0.x and 8.1.x prior to 8.1.2 and Dell EMC…
- CVE-2017-4980 — High (CVSS 7.5): EMC Isilon OneFS is affected by a path traversal vulnerability that may potentially be exploited by attackers to…
- CVE-2017-4988 — High (CVSS 7.2): EMC Isilon OneFS 8.0.1.0, 8.0.0 - 8.0.0.3, 7.2.0 - 7.2.1.4, 7.1.x is affected by a privilege escalation vulnerability…