Lucene search

DellCVE-2021-21526

HistoryApr 20, 2021 - 5:15 p.m.

CVE-2021-21526

2021-04-2017:15:11

CWE-78

dell

web.nvd.nist.gov

dell

powerscale

onefs

8.1.0

9.1.0

privilege escalation

smartlock

compadmin

nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

Percentile

13.1%

JSON

Dell PowerScale OneFS 8.1.0 - 9.1.0 contains a privilege escalation in SmartLock compliance mode that may allow compadmin to execute arbitrary commands as root.

Affected configurations

Nvd

Vulners

Node

dellpowerscale_onefsRange8.1.0–9.1.0

VendorProductVersionCPE
dellpowerscale_onefs*cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	powerscale_onefs	*	cpe:2.3:a:dell:powerscale_onefs::::::::

CNA Affected

[
  {
    "product": "PowerScale OneFS",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "8.1.0-9.1.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/000185202

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

Percentile

13.1%

JSON

Related for CVE-2021-21526