ID

VAR-202108-0399


CVE

CVE-2021-21562


TITLE

Untrusted search path vulnerability in Dell PowerScale OneFS

Trust: 0.8

sources: JVNDB: JVNDB-2021-009396

DESCRIPTION

Dell EMC PowerScale OneFS contains an untrusted search path vulnerability. This vulnerability allows a user with (ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE) and (ISI_PRIV_SYS_UPGRADE or ISI_PRIV_AUDIT) to provide an untrusted path, which can lead to running resources that are not under the application’s direct control. Dell PowerScale OneFS is an operating system from Dell Technologies (United States) for scale-out NAS. Dell EMC PowerScale OneFS has a code issue vulnerability that allows a user with (ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE) and (ISI_PRIV_SYS_UPGRADE or ISI_PRIV_AUDIT) to provide an untrusted path, which could lead to running resources that are not under the application’s direct control.

Trust: 1.8

sources: NVD: CVE-2021-21562 // JVNDB: JVNDB-2021-009396 // VULHUB: VHN-379966 // VULMON: CVE-2021-21562

AFFECTED PRODUCTS

vendor: dell // model: emc powerscale onefs // scope: eq // version: 8.1.3

Trust: 1.0

vendor: dell // model: emc powerscale onefs // scope: eq // version: 9.1.0.0

Trust: 1.0

vendor: dell // model: emc powerscale onefs // scope: eq // version: 8.1.2

Trust: 1.0

vendor: dell // model: emc powerscale onefs // scope: eq // version: 9.0.0.0

Trust: 1.0

vendor: Dell // model: emc powerscale onefs // scope: - // version: -

Trust: 0.8

vendor: Dell // model: emc powerscale onefs // scope: eq // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-009396 // NVD: CVE-2021-21562

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-21562
value: MEDIUM

Trust: 1.0

security_alert@emc.com: CVE-2021-21562
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-21562
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202108-129
value: MEDIUM

Trust: 0.6

VULHUB: VHN-379966
value: LOW

Trust: 0.1

VULMON: CVE-2021-21562
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-21562
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-379966
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-21562
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.1

Trust: 2.0

OTHER: JVNDB-2021-009396
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-379966 // VULMON: CVE-2021-21562 // JVNDB: JVNDB-2021-009396 // CNNVD: CNNVD-202108-129 // NVD: CVE-2021-21562 // NVD: CVE-2021-21562

PROBLEMTYPE DATA

problemtype:CWE-426

Trust: 1.1

problemtype:Untrusted search path (CWE-426) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-379966 // JVNDB: JVNDB-2021-009396 // NVD: CVE-2021-21562

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202108-129

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202108-129

PATCH

title: DSA-2021-097 // url: https://www.dell.com/support/kbdoc/ja-jp/000188148/dell-powerscale-onefs-security-update-for-multiple-security-vulnerabilities

Trust: 0.8

title: Dell Technologies Dell PowerScale OneFS Fixes for code issue vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=158477

Trust: 0.6

sources: JVNDB: JVNDB-2021-009396 // CNNVD: CNNVD-202108-129

EXTERNAL IDS

db: NVD // id: CVE-2021-21562

Trust: 3.4

db: JVNDB // id: JVNDB-2021-009396

Trust: 0.8

db: CNNVD // id: CNNVD-202108-129

Trust: 0.7

db: VULHUB // id: VHN-379966

Trust: 0.1

db: VULMON // id: CVE-2021-21562

Trust: 0.1

sources: VULHUB: VHN-379966 // VULMON: CVE-2021-21562 // JVNDB: JVNDB-2021-009396 // CNNVD: CNNVD-202108-129 // NVD: CVE-2021-21562

REFERENCES

url:https://www.dell.com/support/kbdoc/000188148

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-21562

Trust: 1.4

url:https://cwe.mitre.org/data/definitions/426.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-379966 // VULMON: CVE-2021-21562 // JVNDB: JVNDB-2021-009396 // CNNVD: CNNVD-202108-129 // NVD: CVE-2021-21562

SOURCES

db: VULHUB // id: VHN-379966
db: VULMON // id: CVE-2021-21562
db: JVNDB // id: JVNDB-2021-009396
db: CNNVD // id: CNNVD-202108-129
db: NVD // id: CVE-2021-21562

LAST UPDATE DATE

2024-08-14T14:11:16.262000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-379966 // date: 2021-08-11T00:00:00
db: VULMON // id: CVE-2021-21562 // date: 2021-08-11T00:00:00
db: JVNDB // id: JVNDB-2021-009396 // date: 2022-04-25T09:19:00
db: CNNVD // id: CNNVD-202108-129 // date: 2021-08-17T00:00:00
db: NVD // id: CVE-2021-21562 // date: 2021-08-11T18:27:01.230

SOURCES RELEASE DATE

db: VULHUB // id: VHN-379966 // date: 2021-08-03T00:00:00
db: VULMON // id: CVE-2021-21562 // date: 2021-08-03T00:00:00
db: JVNDB // id: JVNDB-2021-009396 // date: 2022-04-25T00:00:00
db: CNNVD // id: CNNVD-202108-129 // date: 2021-08-02T00:00:00
db: NVD // id: CVE-2021-21562 // date: 2021-08-03T00:15:08.263