PT-2021-14569 · Dell Emc · Dell Powerprotect Cyber Recovery

Published

2021-02-19

Updated

2021-02-25

CVE-2021-21512

CVSS v3.1

7.9

High

Vector

AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Dell EMC PowerProtect Cyber Recovery version 19.7.0.1

Description The issue allows a locally authenticated high privileged Cyber Recovery user to potentially exploit it, leading to the takeover of the notification email account. This is due to an Information Disclosure vulnerability.

Recommendations For Dell EMC PowerProtect Cyber Recovery version 19.7.0.1, update to a version that contains a fix for this issue to prevent potential exploitation. As a temporary workaround, consider restricting access to the notification email account associated with Cyber Recovery until a patch is available.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2021-21512

Affected Products

Dell Powerprotect Cyber Recovery

PT-2021-14569 · Dell Emc · Dell Powerprotect Cyber Recovery

CVE-2021-21512

Weakness Enumeration

Related Identifiers

Affected Products

References · 4