CVE-2021-36339 — Execution with Unnecessary Privileges in Dell Solutions Enabler Vapp

CWE-250 — Execution with Unnecessary Privileges CWE-269 — Improper Privilege Management3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 82.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dell Solutions Enabler Vapp Dell Solutions Enabler Dell Solutions Enabler Virtual Appliance +5 more

Timeline

PublishedJan 21

Latest updateJan 22

Description

The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages7 packages

▶NVDdell/solutions_enabler_virtual_appliance9.2.0.0 — 9.2.3.0+1

▶NVDdell/vasa9.2.0.0 — 9.2.3.0+1

▶NVDdell/unisphere9.2.0.0 — 9.2.3.4+1

▶NVDdell/unisphere_3609.2.0.0 — 9.2.3.3+1

▶NVDdell/solutions_enabler9.2.0.0 — 9.2.3.0+1

Patches

Patch: www.dell.com ↗Patch: www.dell.com ↗

🔴Vulnerability Details

GHSA

GHSA-9v7x-c67j-g827: The Dell EMC Virtual Appliances before 9↗2022-01-22

▶

CVEList

CVE-2021-36339: The Dell EMC Virtual Appliances before 9↗2022-01-21

▶