PT-2021-14597 · Dell · Unity Xt+4

Published

2021-04-30

Updated

2021-05-11

CVE-2021-21547

CVSS v3.1

6.7

Medium

Vector

AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008

Description The issue concerns a plain-text password storage vulnerability that occurs when the Dell Upgrade Readiness Utility is run on the system. This vulnerability exposes the credentials of the Unisphere Administrator, which are stored in plain text. A local malicious user with high privileges may exploit this to gain access with the privileges of the compromised user.

Recommendations For versions prior to 5.0.7.0.5.008, update to version 5.0.7.0.5.008 or later to resolve the issue. As a temporary workaround, consider restricting access to the Dell Upgrade Readiness Utility to minimize the risk of exploitation.

Fix

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-312

Related Identifiers

CVE-2021-21547

Affected Products

Dell Emc Unity

Dell Upgrade Readiness Utility

Unisphere

Unity Xt

Unityvsa

PT-2021-14597 · Dell · Unity Xt+4

CVE-2021-21547

Weakness Enumeration

Related Identifiers

Affected Products

References · 3