PT-2021-14609 · Dell · Dell Powerscale Onefs

Published

2021-11-23

Updated

2021-11-27

CVE-2021-21561

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Dell PowerScale OneFS version 8.1.2

Description The issue allows a malicious user with ISI PRIV LOGIN SSH and/or ISI PRIV LOGIN CONSOLE privileges to gain access to sensitive information in the log files. This is a sensitive information exposure issue.

Recommendations For Dell PowerScale OneFS version 8.1.2, consider restricting access to log files and limiting privileges to prevent exploitation until a patch is available. As a temporary workaround, review and restrict the use of ISI PRIV LOGIN SSH and ISI PRIV LOGIN CONSOLE privileges to minimize the risk of sensitive information exposure.

Fix

Insertion into Log File

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-532

Related Identifiers

CVE-2021-21561

Affected Products

Dell Powerscale Onefs

PT-2021-14609 · Dell · Dell Powerscale Onefs

CVE-2021-21561

Weakness Enumeration

Related Identifiers

Affected Products

References · 5