Lucene search

[email protected]NVD:CVE-2021-21526

HistoryApr 20, 2021 - 5:15 p.m.

CVE-2021-21526

2021-04-2017:15:11

CWE-78

[email protected]

web.nvd.nist.gov

dell powerscale

onefs

privilege escalation

smartlock

compliance mode

compadmin

arbitrary commands

root

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

13.1%

JSON

Dell PowerScale OneFS 8.1.0 - 9.1.0 contains a privilege escalation in SmartLock compliance mode that may allow compadmin to execute arbitrary commands as root.

Affected configurations

Nvd

Node

dellpowerscale_onefsRange8.1.0–9.1.0

VendorProductVersionCPE
dellpowerscale_onefs*cpe:2.3:a:dell:powerscale_onefs:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	powerscale_onefs	*	cpe:2.3:a:dell:powerscale_onefs::::::::

References

www.dell.com/support/kbdoc/000185202

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

13.1%

JSON

Related for NVD:CVE-2021-21526

cvelist1 prion1 cve1