Details of VAR-202108-0404

ID

VAR-202108-0404

CVE

CVE-2021-21568

TITLE

Dell EMC PowerScale OneFS Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-010674

DESCRIPTION

Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an insufficient logging vulnerability. An authenticated user with ISI_PRIV_LOGIN_PAPI could make un-audited and un-trackable configuration changes to settings that their roles have privileges to change. Dell EMC PowerScale OneFS Exists in unspecified vulnerabilities.Information may be tampered with. DELL EMC PowerScale is a scale-out storage system for unstructured data from Dell (DELL). A security vulnerability exists in Dell EMC PowerScale OneFS where users authenticated through the ISI PRIV LOGIN PAPI can make unaudited and untraceable configuration changes to settings that their role has permission to change

Trust: 1.8

sources: NVD: CVE-2021-21568 // JVNDB: JVNDB-2021-010674 // VULHUB: VHN-379972 // VULMON: CVE-2021-21568

AFFECTED PRODUCTS

vendor:	dell	model:	emc powerscale onefs	scope:	gte	version:	9.0.0.0	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	lte	version:	9.2.1	Trust: 1.0
vendor:	dell	model:	emc powerscale onefs	scope:	eq	version:	8.2.2	Trust: 1.0
vendor:	デル	model:	emc powerscale onefs	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	emc powerscale onefs	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-010674 // NVD: CVE-2021-21568

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-21568
value:	MEDIUM
Trust: 1.0
security_alert@emc.com:	CVE-2021-21568
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-21568
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202108-1484
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-379972
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-21568
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-21568
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-379972
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-21568
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2021-21568
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2021-21568
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-379972 // VULMON: CVE-2021-21568 // JVNDB: JVNDB-2021-010674 // CNNVD: CNNVD-202108-1484 // NVD: CVE-2021-21568 // NVD: CVE-2021-21568

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-010674 // NVD: CVE-2021-21568

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-1484

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202108-1484

PATCH

title:	DSA-2021-142	url:	https://www.dell.com/support/kbdoc/ja-jp/000190408/dsa-2021-142-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities	Trust: 0.8
title:	DELL EMC PowerScale Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=160567	Trust: 0.6

sources: JVNDB: JVNDB-2021-010674 // CNNVD: CNNVD-202108-1484

EXTERNAL IDS

db:	NVD	id:	CVE-2021-21568	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-010674	Trust: 0.8
db:	CNNVD	id:	CNNVD-202108-1484	Trust: 0.7
db:	VULHUB	id:	VHN-379972	Trust: 0.1
db:	VULMON	id:	CVE-2021-21568	Trust: 0.1

sources: VULHUB: VHN-379972 // VULMON: CVE-2021-21568 // JVNDB: JVNDB-2021-010674 // CNNVD: CNNVD-202108-1484 // NVD: CVE-2021-21568

REFERENCES

url:	https://www.dell.com/support/kbdoc/000190408	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21568	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/269.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-379972 // VULMON: CVE-2021-21568 // JVNDB: JVNDB-2021-010674 // CNNVD: CNNVD-202108-1484 // NVD: CVE-2021-21568

SOURCES

db:	VULHUB	id:	VHN-379972
db:	VULMON	id:	CVE-2021-21568
db:	JVNDB	id:	JVNDB-2021-010674
db:	CNNVD	id:	CNNVD-202108-1484
db:	NVD	id:	CVE-2021-21568

LAST UPDATE DATE

2024-08-14T14:03:06.672000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-379972	date:	2022-05-03T00:00:00
db:	VULMON	id:	CVE-2021-21568	date:	2021-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-010674	date:	2022-07-07T01:33:00
db:	CNNVD	id:	CNNVD-202108-1484	date:	2022-05-05T00:00:00
db:	NVD	id:	CVE-2021-21568	date:	2022-05-03T16:04:40.443

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-379972	date:	2021-08-16T00:00:00
db:	VULMON	id:	CVE-2021-21568	date:	2021-08-16T00:00:00
db:	JVNDB	id:	JVNDB-2021-010674	date:	2022-07-07T00:00:00
db:	CNNVD	id:	CNNVD-202108-1484	date:	2021-08-16T00:00:00
db:	NVD	id:	CVE-2021-21568	date:	2021-08-16T22:15:07.153