ID

VAR-202105-0565


CVE

CVE-2021-21550


TITLE

OS command injection vulnerability in Dell EMC PowerScale OneFS

Trust: 0.8

sources: JVNDB: JVNDB-2021-006552

DESCRIPTION

Dell EMC PowerScale OneFS versions 8.1.0-9.1.0 contain an OS command injection vulnerability (improper neutralization of special elements used in an OS command). This vulnerability can allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges. Dell EMC PowerScale is a scale-out storage system for unstructured data from Dell Corporation of the United States. SSH is an application protocol that provides encrypted network transmission.

Trust: 1.8

sources: NVD: CVE-2021-21550 // JVNDB: JVNDB-2021-006552 // VULHUB: VHN-379954 // VULMON: CVE-2021-21550

AFFECTED PRODUCTS

vendor: dell, model: emc powerscale onefs, scope: eq, version: 8.2.1

Trust: 1.0

vendor: dell, model: emc powerscale onefs, scope: eq, version: 8.1.2

Trust: 1.0

vendor: dell, model: emc powerscale onefs, scope: eq, version: 8.2.2

Trust: 1.0

vendor: dell, model: emc powerscale onefs, scope: eq, version: 8.1.1

Trust: 1.0

vendor: dell, model: emc powerscale onefs, scope: eq, version: 9.1.0.0

Trust: 1.0

vendor: dell, model: emc powerscale onefs, scope: eq, version: 9.0.0.0

Trust: 1.0

vendor: デル, model: emc powerscale onefs, scope: eq, version: -

Trust: 0.8

vendor: デル, model: emc powerscale onefs, scope: eq, version: 8.1.0 to 9.1.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-006552 // NVD: CVE-2021-21550

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-21550
value: MEDIUM

Trust: 1.0

security_alert@emc.com: CVE-2021-21550
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-21550
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202105-248
value: MEDIUM

Trust: 0.6

VULHUB: VHN-379954
value: HIGH

Trust: 0.1

VULMON: CVE-2021-21550
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-21550
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-379954
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-21550
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2021-21550
baseSeverity: MEDIUM
baseScore: 6.0
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2021-21550
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-379954 // VULMON: CVE-2021-21550 // JVNDB: JVNDB-2021-006552 // CNNVD: CNNVD-202105-248 // NVD: CVE-2021-21550 // NVD: CVE-2021-21550

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:OS Command injection (CWE-78) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-379954 // JVNDB: JVNDB-2021-006552 // NVD: CVE-2021-21550

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202105-248

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202105-248

PATCH

title: DSA-2021-064, url: https://www.dell.com/support/kbdoc/000185978

Trust: 0.8

title: DELL EMC PowerScale Fixes for operating system command injection vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=150804

Trust: 0.6

sources: JVNDB: JVNDB-2021-006552 // CNNVD: CNNVD-202105-248

EXTERNAL IDS

db: NVD, id: CVE-2021-21550

Trust: 3.4

db: JVNDB, id: JVNDB-2021-006552

Trust: 0.8

db: CNNVD, id: CNNVD-202105-248

Trust: 0.6

db: VULHUB, id: VHN-379954

Trust: 0.1

db: VULMON, id: CVE-2021-21550

Trust: 0.1

sources: VULHUB: VHN-379954 // VULMON: CVE-2021-21550 // JVNDB: JVNDB-2021-006552 // CNNVD: CNNVD-202105-248 // NVD: CVE-2021-21550

REFERENCES

url:https://www.dell.com/support/kbdoc/000185978

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-21550

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-379954 // VULMON: CVE-2021-21550 // JVNDB: JVNDB-2021-006552 // CNNVD: CNNVD-202105-248 // NVD: CVE-2021-21550

SOURCES

db: VULHUB, id: VHN-379954
db: VULMON, id: CVE-2021-21550
db: JVNDB, id: JVNDB-2021-006552
db: CNNVD, id: CNNVD-202105-248
db: NVD, id: CVE-2021-21550

LAST UPDATE DATE

2024-08-14T13:23:34.040000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-379954, date: 2021-05-14T00:00:00
db: VULMON, id: CVE-2021-21550, date: 2021-05-14T00:00:00
db: JVNDB, id: JVNDB-2021-006552, date: 2022-01-12T08:49:00
db: CNNVD, id: CNNVD-202105-248, date: 2021-05-18T00:00:00
db: NVD, id: CVE-2021-21550, date: 2021-05-14T15:56:14.163

SOURCES RELEASE DATE

db: VULHUB, id: VHN-379954, date: 2021-05-06T00:00:00
db: VULMON, id: CVE-2021-21550, date: 2021-05-06T00:00:00
db: JVNDB, id: JVNDB-2021-006552, date: 2022-01-12T00:00:00
db: CNNVD, id: CNNVD-202105-248, date: 2021-05-06T00:00:00
db: NVD, id: CVE-2021-21550, date: 2021-05-06T13:15:11.267