CVE-2021-21595 MEDIUM

Vendor: Dell
Product: PowerScale OneFS
Weakness: CWE-77
Published: August 16, 2021
Last update: September 17, 2024

CVSS base score

6.0/10
Attack vector: Local
Attack complexity: Low
Privileges required: High
User interaction: None
Confidentiality: None
Integrity: High
Availability: High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

What the vulnerability does

01 Description

Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special elements used in an OS command. This vulnerability could allow the compadmin user to elevate privileges. It impacts only SmartLock WORM compliance mode clusters, as a critical vulnerability, and Dell recommends updating or upgrading at the earliest opportunity.

Key dates

02 Disclosure timeline

August 16, 2021: CVE published
September 17, 2024: Record updated