ID

VAR-202108-0513


CVE

CVE-2021-21595


TITLE

Command injection vulnerability in Dell EMC PowerScale OneFS

Trust: 0.8

sources: JVNDB: JVNDB-2021-010671

DESCRIPTION

Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special elements used in an OS command. This vulnerability could allow the compadmin user to elevate privileges. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability, and Dell recommends updating/upgrading at the earliest opportunity. Dell EMC PowerScale OneFS contains a command injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Dell EMC PowerScale is a scale-out storage system for unstructured data from Dell.

Trust: 1.8

sources: NVD: CVE-2021-21595 // JVNDB: JVNDB-2021-010671 // VULHUB: VHN-379999 // VULMON: CVE-2021-21595

AFFECTED PRODUCTS

vendor: dell // model: emc powerscale onefs // scope: gte // version: 9.0.0.0

Trust: 1.0

vendor: dell // model: emc powerscale onefs // scope: eq // version: 8.2.2

Trust: 1.0

vendor: dell // model: emc powerscale onefs // scope: lt // version: 9.2.0

Trust: 1.0

vendor: デル // model: emc powerscale onefs // scope: - // version: -

Trust: 0.8

vendor: デル // model: emc powerscale onefs // scope: eq // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-010671 // NVD: CVE-2021-21595

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-21595
value: MEDIUM

Trust: 1.0

security_alert@emc.com: CVE-2021-21595
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-21595
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202108-1490
value: MEDIUM

Trust: 0.6

VULHUB: VHN-379999
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-21595
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-21595
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-379999
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-21595
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2021-21595
baseSeverity: MEDIUM
baseScore: 6.0
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2021-21595
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-379999 // VULMON: CVE-2021-21595 // JVNDB: JVNDB-2021-010671 // CNNVD: CNNVD-202108-1490 // NVD: CVE-2021-21595 // NVD: CVE-2021-21595

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.1

problemtype:Command injection (CWE-77) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-379999 // JVNDB: JVNDB-2021-010671 // NVD: CVE-2021-21595

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202108-1490

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-202108-1490

PATCH

title: DSA-2021-142 // url: https://www.dell.com/support/kbdoc/ja-jp/000190408/dsa-2021-142-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities

Trust: 0.8

title: DELL EMC PowerScale Fixes for command injection vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=160723

Trust: 0.6

sources: JVNDB: JVNDB-2021-010671 // CNNVD: CNNVD-202108-1490

EXTERNAL IDS

db: NVD // id: CVE-2021-21595

Trust: 3.4

db: JVNDB // id: JVNDB-2021-010671

Trust: 0.8

db: CNNVD // id: CNNVD-202108-1490

Trust: 0.7

db: VULHUB // id: VHN-379999

Trust: 0.1

db: VULMON // id: CVE-2021-21595

Trust: 0.1

sources: VULHUB: VHN-379999 // VULMON: CVE-2021-21595 // JVNDB: JVNDB-2021-010671 // CNNVD: CNNVD-202108-1490 // NVD: CVE-2021-21595

REFERENCES

url:https://www.dell.com/support/kbdoc/000190408

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-21595

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/77.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-379999 // VULMON: CVE-2021-21595 // JVNDB: JVNDB-2021-010671 // CNNVD: CNNVD-202108-1490 // NVD: CVE-2021-21595

SOURCES

db: VULHUB // id: VHN-379999
db: VULMON // id: CVE-2021-21595
db: JVNDB // id: JVNDB-2021-010671
db: CNNVD // id: CNNVD-202108-1490
db: NVD // id: CVE-2021-21595

LAST UPDATE DATE

2024-08-14T14:25:16.375000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-379999 // date: 2021-08-25T00:00:00
db: VULMON // id: CVE-2021-21595 // date: 2021-08-25T00:00:00
db: JVNDB // id: JVNDB-2021-010671 // date: 2022-07-07T01:13:00
db: CNNVD // id: CNNVD-202108-1490 // date: 2021-08-26T00:00:00
db: NVD // id: CVE-2021-21595 // date: 2021-08-25T00:43:50.323

SOURCES RELEASE DATE

db: VULHUB // id: VHN-379999 // date: 2021-08-16T00:00:00
db: VULMON // id: CVE-2021-21595 // date: 2021-08-16T00:00:00
db: JVNDB // id: JVNDB-2021-010671 // date: 2022-07-07T00:00:00
db: CNNVD // id: CNNVD-202108-1490 // date: 2021-08-16T00:00:00
db: NVD // id: CVE-2021-21595 // date: 2021-08-16T22:15:07.490