Lucene search

DellCVE-2021-36287

HistoryApr 08, 2022 - 8:15 p.m.

CVE-2021-36287

2022-04-0820:15:09

CWE-78

dell

web.nvd.nist.gov

cve-2021-36287

dell vnx2

file version

unauthenticated

remote code execution

vulnerability

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.004

Percentile

75.1%

JSON

Dell VNX2 for file version 8.1.21.266 and earlier, contain an unauthenticated remote code execution vulnerability which may lead unauthenticated users to execute commands on the system.

Affected configurations

Nvd

Node

dellemc_unity_operating_environmentRange≤8.1.21.266

AND

dellvnx_vg10Match-

dellvnx_vg50Match-

dellvnx5200Match-

dellvnx5400Match-

dellvnx5600Match-

dellvnx5800Match-

dellvnx7600Match-

dellvnx8000Match-

dellvnxe1600Match-

VendorProductVersionCPE
dellemc_unity_operating_environment*cpe:2.3:a:dell:emc_unity_operating_environment:*:*:*:*:*:*:*:*
dellvnx_vg10-cpe:2.3:h:dell:vnx_vg10:-:*:*:*:*:*:*:*
dellvnx_vg50-cpe:2.3:h:dell:vnx_vg50:-:*:*:*:*:*:*:*
dellvnx5200-cpe:2.3:h:dell:vnx5200:-:*:*:*:*:*:*:*
dellvnx5400-cpe:2.3:h:dell:vnx5400:-:*:*:*:*:*:*:*
dellvnx5600-cpe:2.3:h:dell:vnx5600:-:*:*:*:*:*:*:*
dellvnx5800-cpe:2.3:h:dell:vnx5800:-:*:*:*:*:*:*:*
dellvnx7600-cpe:2.3:h:dell:vnx7600:-:*:*:*:*:*:*:*
dellvnx8000-cpe:2.3:h:dell:vnx8000:-:*:*:*:*:*:*:*
dellvnxe1600-cpe:2.3:h:dell:vnxe1600:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	emc_unity_operating_environment	*	cpe:2.3:a:dell:emc_unity_operating_environment::::::::
dell	vnx_vg10	-	cpe:2.3:h:dell:vnx_vg10:-:::::::*
dell	vnx_vg50	-	cpe:2.3:h:dell:vnx_vg50:-:::::::*
dell	vnx5200	-	cpe:2.3:h:dell:vnx5200:-:::::::*
dell	vnx5400	-	cpe:2.3:h:dell:vnx5400:-:::::::*
dell	vnx5600	-	cpe:2.3:h:dell:vnx5600:-:::::::*
dell	vnx5800	-	cpe:2.3:h:dell:vnx5800:-:::::::*
dell	vnx7600	-	cpe:2.3:h:dell:vnx7600:-:::::::*
dell	vnx8000	-	cpe:2.3:h:dell:vnx8000:-:::::::*
dell	vnxe1600	-	cpe:2.3:h:dell:vnxe1600:-:::::::*

CNA Affected

[
  {
    "product": "VNX2",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "Version 8.1.21.303 (file) Version 5.33.021.5.303 (block)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000191155/dsa-2021-164-dell-vnx2-control-station-security-update-for-multiple-vulnerabilities

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.004

Percentile

75.1%

JSON

Related for CVE-2021-36287