ID

VAR-202103-0635


CVE

CVE-2021-21506


TITLE

PowerScale OneFS input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-004347

DESCRIPTION

PowerScale OneFS 8.1.2, 8.2.2 and 9.1.0 contain an improper input sanitization issue in the API handler. An unauthenticated user with ISI_PRIV_SYS_SUPPORT and ISI_PRIV_LOGIN_PAPI privileges could potentially exploit this vulnerability, leading to potential privilege escalation. PowerScale OneFS is affected by an input validation vulnerability. Information may be obtained or tampered with, and service may be disrupted (DoS). Dell PowerScale OneFS is an operating system from Dell Technologies in the United States, offered for scale-out NAS.

Trust: 1.71

sources: NVD: CVE-2021-21506 // JVNDB: JVNDB-2021-004347 // VULHUB: VHN-379910

AFFECTED PRODUCTS

vendor: dell, model: emc powerscale onefs, scope: eq, version: 9.1.0

Trust: 1.0

vendor: dell, model: emc powerscale onefs, scope: eq, version: 8.2.2

Trust: 1.0

vendor: dell, model: emc powerscale onefs, scope: eq, version: 8.1.2

Trust: 1.0

vendor: デル, model: emc powerscale onefs, scope: eq, version: -

Trust: 0.8

vendor: デル, model: emc powerscale onefs, scope: eq, version: 9.1.0

Trust: 0.8

vendor: デル, model: emc powerscale onefs, scope: eq, version: 8.2.2

Trust: 0.8

vendor: デル, model: emc powerscale onefs, scope: eq, version: 8.1.2

Trust: 0.8

sources: JVNDB: JVNDB-2021-004347 // NVD: CVE-2021-21506

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-21506
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2021-21506
value: HIGH

Trust: 1.0

NVD: CVE-2021-21506
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202103-557
value: HIGH

Trust: 0.6

VULHUB: VHN-379910
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-21506
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-379910
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-21506
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-004347
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-379910 // JVNDB: JVNDB-2021-004347 // CNNVD: CNNVD-202103-557 // NVD: CVE-2021-21506 // NVD: CVE-2021-21506

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.1

problemtype: Improper input validation (CWE-20) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-379910 // JVNDB: JVNDB-2021-004347 // NVD: CVE-2021-21506

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-557

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202103-557

PATCH

title: DSA-2021-011, url: https://www.dell.com/support/kbdoc/000183717

Trust: 0.8

sources: JVNDB: JVNDB-2021-004347

EXTERNAL IDS

db: NVD, id: CVE-2021-21506

Trust: 2.5

db: JVNDB, id: JVNDB-2021-004347

Trust: 0.8

db: CNNVD, id: CNNVD-202103-557

Trust: 0.7

db: VULHUB, id: VHN-379910

Trust: 0.1

sources: VULHUB: VHN-379910 // JVNDB: JVNDB-2021-004347 // CNNVD: CNNVD-202103-557 // NVD: CVE-2021-21506

REFERENCES

url: https://www.dell.com/support/kbdoc/000183717

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2021-21506

Trust: 1.4

sources: VULHUB: VHN-379910 // JVNDB: JVNDB-2021-004347 // CNNVD: CNNVD-202103-557 // NVD: CVE-2021-21506

SOURCES

db: VULHUB, id: VHN-379910
db: JVNDB, id: JVNDB-2021-004347
db: CNNVD, id: CNNVD-202103-557
db: NVD, id: CVE-2021-21506

LAST UPDATE DATE

2024-11-23T21:58:43.140000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-379910, date: 2021-03-12T00:00:00
db: JVNDB, id: JVNDB-2021-004347, date: 2021-11-18T08:52:00
db: CNNVD, id: CNNVD-202103-557, date: 2021-03-19T00:00:00
db: NVD, id: CVE-2021-21506, date: 2024-11-21T05:48:29.963

SOURCES RELEASE DATE

db: VULHUB, id: VHN-379910, date: 2021-03-08T00:00:00
db: JVNDB, id: JVNDB-2021-004347, date: 2021-11-18T00:00:00
db: CNNVD, id: CNNVD-202103-557, date: 2021-03-08T00:00:00
db: NVD, id: CVE-2021-21506, date: 2021-03-08T22:15:13.970