Sign-up

ID

VAR-202104-0686


CVE

CVE-2021-21547


TITLE

plural  Dell EMC  Vulnerability in plaintext storage of important information in products

Trust: 0.8

sources: JVNDB: JVNDB-2021-006441

DESCRIPTION

Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. The credentials of the Unisphere Administrator are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. DELL Dell EMC Unity and UnityVSA are both products of Dell (DELL). UnityVSA is a virtual Unity storage environment

Trust: 1.8

sources: NVD: CVE-2021-21547 // JVNDB: JVNDB-2021-006441 // VULHUB: VHN-379951 // VULMON: CVE-2021-21547

AFFECTED PRODUCTS

vendor:dellmodel:unityvsa operating environmentscope:ltversion:5.0.7.0.5.008

Trust: 1.0

vendor:dellmodel:unity operating environmentscope:ltversion:5.0.7.0.5.008

Trust: 1.0

vendor:dellmodel:unity xt operating environmentscope:ltversion:5.0.7.0.5.008

Trust: 1.0

vendor:デルmodel:dell emc unityvsa operating environmentscope:eqversion:5.0.7.0.5.008

Trust: 0.8

vendor:デルmodel:dell emc unity xt operating environmentscope: - version: -

Trust: 0.8

vendor:デルmodel:dell emc unity operating environmentscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-006441 // NVD: CVE-2021-21547

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-21547
value: MEDIUM

Trust: 1.0

security_alert@emc.com: CVE-2021-21547
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-21547
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-2277
value: MEDIUM

Trust: 0.6

VULHUB: VHN-379951
value: LOW

Trust: 0.1

VULMON: CVE-2021-21547
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-21547
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-379951
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-21547
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2021-21547
baseSeverity: MEDIUM
baseScore: 6.4
vectorString: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.5
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-21547
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-379951 // VULMON: CVE-2021-21547 // JVNDB: JVNDB-2021-006441 // CNNVD: CNNVD-202104-2277 // NVD: CVE-2021-21547 // NVD: CVE-2021-21547

PROBLEMTYPE DATA

problemtype:CWE-312

Trust: 1.1

problemtype:Plaintext storage of important information (CWE-312) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-379951 // JVNDB: JVNDB-2021-006441 // NVD: CVE-2021-21547

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202104-2277

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-2277

PATCH

title:DSA-2021-083url:https://www.dell.com/support/kbdoc/ja-jp/000185484/dsa-2021-083-dell-emc-unity-dell-emc-unityvsa-and-dell-emc-unity-xt-security-update-for-multiple-vulnerabilities

Trust: 0.8

title:Dell EMC Unity,UnityVSA and Unity XT Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=150172

Trust: 0.6

sources: JVNDB: JVNDB-2021-006441 // CNNVD: CNNVD-202104-2277

EXTERNAL IDS

db:NVDid:CVE-2021-21547

Trust: 3.4

db:JVNDBid:JVNDB-2021-006441

Trust: 0.8

db:CNNVDid:CNNVD-202104-2277

Trust: 0.6

db:VULHUBid:VHN-379951

Trust: 0.1

db:VULMONid:CVE-2021-21547

Trust: 0.1

sources: VULHUB: VHN-379951 // VULMON: CVE-2021-21547 // JVNDB: JVNDB-2021-006441 // CNNVD: CNNVD-202104-2277 // NVD: CVE-2021-21547

REFERENCES

url:https://www.dell.com/support/kbdoc/000185484

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-21547

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/312.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-379951 // VULMON: CVE-2021-21547 // JVNDB: JVNDB-2021-006441 // CNNVD: CNNVD-202104-2277 // NVD: CVE-2021-21547

SOURCES

db:VULHUBid:VHN-379951
db:VULMONid:CVE-2021-21547
db:JVNDBid:JVNDB-2021-006441
db:CNNVDid:CNNVD-202104-2277
db:NVDid:CVE-2021-21547

LAST UPDATE DATE

2024-08-14T15:11:57.391000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-379951date:2021-05-11T00:00:00
db:VULMONid:CVE-2021-21547date:2021-05-11T00:00:00
db:JVNDBid:JVNDB-2021-006441date:2022-01-06T08:30:00
db:CNNVDid:CNNVD-202104-2277date:2021-05-12T00:00:00
db:NVDid:CVE-2021-21547date:2021-05-11T12:51:47.480

SOURCES RELEASE DATE

db:VULHUBid:VHN-379951date:2021-04-30T00:00:00
db:VULMONid:CVE-2021-21547date:2021-04-30T00:00:00
db:JVNDBid:JVNDB-2021-006441date:2022-01-06T00:00:00
db:CNNVDid:CNNVD-202104-2277date:2021-04-30T00:00:00
db:NVDid:CVE-2021-21547date:2021-04-30T21:15:08.937