CVE-2010-2860
EMC Celerra NAS Appliance - Unauthorized Access to Root NFS Export
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The EMC Celerra Network Attached Storage (NAS) appliance accepts external network traffic to IP addresses intended for an intranet network within the appliance, which allows remote attackers to read, create, or modify arbitrary files in the user data directory via NFS requests.
El dispositivo EMC Celerra Network Attached Storage (NAS) acepta tráfico de red externo en direcciones IP pretendidas para una intranet con el dispositivo, lo que permite a atacantes remotos leer, crear o odificar ficheros de su elección en el directorio de datos de usuari a través de peticiones NFS.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2010-07-27 CVE Reserved
- 2010-08-03 CVE Published
- 2010-08-03 First Exploit
- 2023-11-18 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0018.html | Mailing List | |
| http://securitytracker.com/id?1024271 | Vdb Entry | |
| http://www.securityfocus.com/archive/1/512823/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/archive/1/513564/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/42134 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2010/2337 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/60885 | Vdb Entry | |
| https://www.trustwave.com/spiderlabs/advisories/TWSL2010-003.txt | X_refsource_misc |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/14536 | 2010-08-03 | |
| http://www.exploit-db.com/exploits/14536 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Emc Search vendor "Emc" | Celerra Network Attached Storage Search vendor "Emc" for product "Celerra Network Attached Storage" | * | - |
Affected
| ||||||