CVE-2021-21502
published 2021-02-09CVE-2021-21502: Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a "use of SSH key past account expiration" vulnerability. A user on the network with the ISI_PRIV_AUTH_SSH…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a "use of SSH key past account expiration" vulnerability. A user on the network with the ISI_PRIV_AUTH_SSH RBAC privilege that has an expired account may potentially exploit this vulnerability, giving them access to the same things they had before account expiration. This may by a high privileged account and hence Dell recommends customers upgrade at the earliest opportunity.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | emc_powerscale_onefs | — | — |
| dell | emc_powerscale_onefs | — | — |
| dell | emc_powerscale_onefs | — | — |
| dell | emc_powerscale_onefs | — | — |
| dell | emc_powerscale_onefs | — | — |
| dell | emc_powerscale_onefs | — | — |
| dell | emc_powerscale_onefs | — | — |
| dell | emc_powerscale_onefs | — | — |
| dell | powerscale_onefs | >= unspecified < 8.1.2 / 8.2.2 / 9.1.0.x / Empire / Main | 8.1.2 / 8.2.2 / 9.1.0.x / Empire / Main |