CVE-2021-21553Incorrect User Management in Dell Powerscale Onefs

CWE-286Incorrect User Management3 documents3 sources
Severity
8.8HIGHNVD
CNA7.3
EPSS
0.0%
top 90.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Dell Powerscale Onefs
Timeline
PublishedAug 3
Latest updateMay 24

Description

Dell PowerScale OneFS versions 8.1.0-9.1.0 contain an Incorrect User Management vulnerability.under some specific conditions, this can allow the CompAdmin user to elevate privileges and break out of Compliance mode. This is a critical vulnerability and Dell recommends upgrading at the earliest.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages2 packages

NVDdell/powerscale_onefs8.1.09.1.0
CVEListV5dell/powerscale_onefs8.1.0-9.1.0

🔴Vulnerability Details

2
GHSA
GHSA-974f-9h45-g4v4: Dell PowerScale OneFS versions 82022-05-24
CVEList
CVE-2021-21553: Dell PowerScale OneFS versions 82021-08-02
CVE-2021-21553 — Incorrect User Management in Dell | cvebase