CVE-2021-43589 — Command Injection in Dell Unity
Severity
6.7 MEDIUM (NVD)
6.0 (CNA)
EPSS
0.1%
top 81.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 24
Latest update: Jan 25
Description
Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior to 5.1.2.0.5.007 contain an operating system (OS) command injection vulnerability. A locally authenticated user with high privileges may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the Unity underlying OS, with the privileges of the vulnerable application. Exploitation may lead to an elevation of privilege.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 0.8 | Impact: 5.9