PT-2021-14638 · Dell Emc · Dell Emc Powerscale Onefs

Published: 2021-08-16 · Updated: 2021-08-25 · CVE-2021-21595

CVSS v3.1: 6.7 (Medium)

Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Dell EMC PowerScale OneFS versions 8.2.x through 9.1.1.x

Description

The issue is an improper neutralization of special elements used in an OS command (OS command injection), which could allow the compadmin user to elevate privileges. It is a critical issue for clusters running in SmartLock WORM compliance mode.

Recommendations

For versions 8.2.x through 9.1.1.x, update or upgrade at the earliest opportunity to resolve the issue. As a temporary workaround, consider restricting the privileges of the compadmin user to minimize the risk of exploitation.

Fix

Command Injection


Weakness Enumeration

Related Identifiers

CVE-2021-21595

Affected Products

Dell Emc Powerscale Onefs