CVE-2021-21595Command Injection in Dell EMC Powerscale Onefs

CWE-77Command Injection3 documents3 sources
Severity
6.7MEDIUMNVD
CNA6.0
EPSS
0.1%
top 66.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Dell EMC Powerscale OnefsDell Powerscale Onefs
Timeline
PublishedAug 16
Latest updateMay 24

Description

Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special elements used in an OS command. This vulnerability could allow the compadmin user to elevate privileges. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

NVDdell/emc_powerscale_onefs9.0.0.09.2.0+1
CVEListV5dell/powerscale_onefs8.2.x - 9.1.1.x

Patches

Patch: www.dell.comPatch: www.dell.com

🔴Vulnerability Details

2
GHSA
GHSA-g6cr-75pq-47x7: Dell EMC PowerScale OneFS versions 82022-05-24
CVEList
CVE-2021-21595: Dell EMC PowerScale OneFS versions 82021-08-16
CVE-2021-21595 — Command Injection in Dell | cvebase