NFS vulnerability detected

Hi and thanks for the question.

This NFS share is internal to the OMEnt appliance and is used in the process of updating the firmware on the iDRACs.  The share is set up as readonly and does not contain sensitive information.

Thanks,

Rob

Doesn't matter what it contains, the fact it can be mounted with no credentials makes it a vulnerability.  We are in the middle of a PCI DSS audit and it's being flagged, resolve or shutdown.

Hi Dale.

Understood.  I've passed the feedback along and don't have any updates at this point.

Only thing I can emphasize is that it is a readyonly share with files related to firmware update (so public files).  But I know the scanners don't care about that :)

Thanks much,

Rob

Is there a way to limit which servers can access the NFS share?

Hi,

The NFS share used by the appliance is read-only share and unauthorized users cannot write to this share. We are also looking at moving to CIFS share from NFS share for the upcoming release.

Regards

Abhijit

What is the timeline to move it from NFS to CIFS? In the meantime, can a filter be implemented to allow only specified IPs to mount?

Terence

Hi there,

It looks like an small update that includes a resolution for the NFS behavior (should be CIFS) will be out in a few weeks.  No filtering workaround I'm afraid.

Stay tuned.

Thanks!

Rob

We are having the same issue. Is there any update?

Hi all,

does anybody know if the NFS version used by OpenManage is 4?

This is the only versione allowed by my organization.

Paolo

OME version 3.1 and 3.2 are no longer supporting NFS shares and are now using CIFS

I have appliance version 4.2.0.2258 and still it is flagged with those NFS Vulnerabilities.

Anyone know how this can be fixed.