Our security scanner has detected a vulnerability on our OpenManage Enterprise: "At least one of the NFS shares exported by the remote server could be mounted by the scanning host. An attacker may be able to leverage this to read (and possibly write) files on remote host."
Has this already been reported?
Doesn't matter what it contains; the fact it can be mounted with no credentials makes it a vulnerability. We are in the middle of a PCI DSS audit and it's being flagged: resolve or shut down.
Understood. I've passed the feedback along and don't have any updates at this point.
Only thing I can emphasize is that it is a read-only share with files related to firmware update (so public files). But I know the scanners don't care about that.
The NFS share used by the appliance is a read-only share and unauthorized users cannot write to this share. We are also looking at moving to a CIFS share from an NFS share for the upcoming release.