CVE-2021-36294 — Insufficient Entropy in Dell VNX Control Station

CWE-331 — Insufficient Entropy CWE-330 — Use of Insufficiently Random Values3 documents3 sources

Severity

9.8CRITICALNVD

EPSS

0.4%

top 37.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell VNX Control Station Dell EMC Unity Operating Environment

Timeline

PublishedJan 25

Latest updateJan 27

Description

Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authentication bypass vulnerability. A remote unauthenticated attacker may exploit this vulnerability by forging a cookie to login as any user.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5dell/vnx_control_stationunspecified — TBD

▶NVDdell/emc_unity_operating_environment8.1.21.266

🔴Vulnerability Details

GHSA

GHSA-h72m-3m74-9ppq: Dell VNX2 OE for File versions 8↗2022-01-27

▶

CVEList

CVE-2021-36294: Dell VNX2 OE for File versions 8↗2022-01-25

▶