Details of VAR-202108-0398

ID

VAR-202108-0398

CVE

CVE-2021-21553

TITLE

Dell PowerScale OneFS Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-009430

DESCRIPTION

Dell PowerScale OneFS versions 8.1.0-9.1.0 contain an Incorrect User Management vulnerability.under some specific conditions, this can allow the CompAdmin user to elevate privileges and break out of Compliance mode. This is a critical vulnerability and Dell recommends upgrading at the earliest. Dell PowerScale OneFS Contains an unspecified vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Dell Technologies Dell PowerScale OneFS is an operating system of Dell Technologies in the United States. Offers the PowerScale OneFS operating system for scale-out NAS

Trust: 1.8

sources: NVD: CVE-2021-21553 // JVNDB: JVNDB-2021-009430 // VULHUB: VHN-379957 // VULMON: CVE-2021-21553

AFFECTED PRODUCTS

vendor:	dell	model:	powerscale onefs	scope:	lte	version:	9.1.0	Trust: 1.0
vendor:	dell	model:	powerscale onefs	scope:	gte	version:	8.1.0	Trust: 1.0
vendor:	デル	model:	emc powerscale onefs	scope:	eq	version:	8.1.0 to 9.1.0	Trust: 0.8
vendor:	デル	model:	emc powerscale onefs	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-009430 // NVD: CVE-2021-21553

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-21553
value:	HIGH
Trust: 1.0
security_alert@emc.com:	CVE-2021-21553
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-21553
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202108-135
value:	HIGH
Trust: 0.6
VULHUB:	VHN-379957
value:	HIGH
Trust: 0.1
VULMON:	CVE-2021-21553
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-21553
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-379957
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-21553
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.0
impactScore:	6.0
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2021-21553
baseSeverity:	HIGH
baseScore:	7.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.3
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-21553
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-379957 // VULMON: CVE-2021-21553 // JVNDB: JVNDB-2021-009430 // CNNVD: CNNVD-202108-135 // NVD: CVE-2021-21553 // NVD: CVE-2021-21553

PROBLEMTYPE DATA

problemtype:	CWE-286	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	Other (CWE-Other) [ Other ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-009430 // NVD: CVE-2021-21553

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202108-135

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202108-135

PATCH

title:	DSA-2021-097	url:	https://www.dell.com/support/kbdoc/ja-jp/000188148/dell-powerscale-onefs-security-update-for-multiple-security-vulnerabilities	Trust: 0.8
title:	Dell Technologies Dell PowerScale OneFS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=158483	Trust: 0.6

sources: JVNDB: JVNDB-2021-009430 // CNNVD: CNNVD-202108-135

EXTERNAL IDS

db:	NVD	id:	CVE-2021-21553	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-009430	Trust: 0.8
db:	CNNVD	id:	CNNVD-202108-135	Trust: 0.7
db:	VULHUB	id:	VHN-379957	Trust: 0.1
db:	VULMON	id:	CVE-2021-21553	Trust: 0.1

sources: VULHUB: VHN-379957 // VULMON: CVE-2021-21553 // JVNDB: JVNDB-2021-009430 // CNNVD: CNNVD-202108-135 // NVD: CVE-2021-21553

REFERENCES

url:	https://www.dell.com/support/kbdoc/000188148	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21553	Trust: 1.4
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-379957 // VULMON: CVE-2021-21553 // JVNDB: JVNDB-2021-009430 // CNNVD: CNNVD-202108-135 // NVD: CVE-2021-21553

SOURCES

db:	VULHUB	id:	VHN-379957
db:	VULMON	id:	CVE-2021-21553
db:	JVNDB	id:	JVNDB-2021-009430
db:	CNNVD	id:	CNNVD-202108-135
db:	NVD	id:	CVE-2021-21553

LAST UPDATE DATE

2024-08-14T14:37:58.194000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-379957	date:	2021-08-11T00:00:00
db:	VULMON	id:	CVE-2021-21553	date:	2021-08-11T00:00:00
db:	JVNDB	id:	JVNDB-2021-009430	date:	2022-04-27T01:56:00
db:	CNNVD	id:	CNNVD-202108-135	date:	2021-08-17T00:00:00
db:	NVD	id:	CVE-2021-21553	date:	2021-08-11T18:23:06.913

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-379957	date:	2021-08-03T00:00:00
db:	VULMON	id:	CVE-2021-21553	date:	2021-08-03T00:00:00
db:	JVNDB	id:	JVNDB-2021-009430	date:	2022-04-27T00:00:00
db:	CNNVD	id:	CNNVD-202108-135	date:	2021-08-02T00:00:00
db:	NVD	id:	CVE-2021-21553	date:	2021-08-03T00:15:08.163