CVE-2017-14387

Name: CVE-2017-14387
Creator: NVD / NIST
Published: 2017-12-20T23:29:00.297+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.91%

Last modified Jun 17, 2026

CVE-2017-14387 is a vulnerability of currently unknown severity. The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings (including the NFS export security flavor for authentication) that can be leveraged by current and future NFS exports. This NFS service contained a flaw that did not properly propagate changes made to the default security flavor to all new and existing NFS exports that are configured to use default NFS export settings and that are mounted after those changes are made. EPSS estimates a 0.91% chance of exploitation in the next 30 days.

Description

The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and 8.0.0.0 - 8.0.0.4 maintains default NFS export settings (including the NFS export security flavor for authentication) that can be leveraged by current and future NFS exports. This NFS service contained a flaw that did not properly propagate changes made to the default security flavor to all new and existing NFS exports that are configured to use default NFS export settings and that are mounted after those changes are made. This flaw may potentially allow NFS clients to access affected NFS exports using the default and potentially weaker security flavor even if a more secure one was selected to be used by the OneFS administrator, aka an "NFS Export Security Setting Fallback Vulnerability."

Metrics

EPSS Probability

0.91%

55.5th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Emc	Isilon Onefs	8.0.0.0
Emc	Isilon Onefs	8.0.0.1
Emc	Isilon Onefs	8.0.0.2
Emc	Isilon Onefs	8.0.0.3
Emc	Isilon Onefs	8.0.0.4
Emc	Isilon Onefs	8.0.1.0
Emc	Isilon Onefs	8.0.1.1
Emc	Isilon Onefs	8.1.0.0

References

http://seclists.org/fulldisclosure/2017/Dec/78Issue Tracking, Mailing List, Third Party Advisory
http://www.securityfocus.com/bid/102292Third Party Advisory, VDB Entry
http://seclists.org/fulldisclosure/2017/Dec/78Issue Tracking, Mailing List, Third Party Advisory
http://www.securityfocus.com/bid/102292Third Party Advisory, VDB Entry

Timeline

Published: Dec 20, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-14387?

How severe is CVE-2017-14387?

Severity scoring for CVE-2017-14387 is pending analysis. The EPSS model estimates a 0.91% probability of exploitation in the next 30 days.

How do I fix CVE-2017-14387?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-14387?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST