CVE-2021-21565 — Uncontrolled Resource Consumption in Dell Powerscale Onefs

CWE-400 — Uncontrolled Resource Consumption CWE-834 — Excessive Iteration3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.4%

top 40.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Powerscale Onefs

Timeline

PublishedAug 3

Latest updateMay 24

Description

Dell PowerScale OneFS versions 9.1.0.3 and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5dell/powerscale_onefsunspecified — 9.1.0.3

▶NVDdell/powerscale_onefs9.1.0.3

🔴Vulnerability Details

GHSA

GHSA-xxr9-34qv-3673: Dell PowerScale OneFS versions 9↗2022-05-24

▶

CVEList

CVE-2021-21565: Dell PowerScale OneFS versions 9↗2021-08-02

▶