PT-2021-14642 · Dell EMC · Dell EMC PowerScale OneFS

Published: 2021-08-16 · Updated: 2021-08-25 · CVE-2021-21599

CVSS v3.1: 6.7 (Medium)

Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Dell EMC PowerScale OneFS versions 8.2.x through 9.2.1.x

Description

The issue is an OS command injection vulnerability that may allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges and escape compliance guarantees. This vulnerability specifically impacts SmartLock WORM compliance mode clusters.

Recommendations

For Dell EMC PowerScale OneFS versions 8.2.x through 9.2.1.x, update or upgrade at the earliest opportunity to resolve the issue. As a temporary workaround, consider restricting access to the ISI_PRIV_LOGIN_SSH and ISI_PRIV_LOGIN_CONSOLE privileges to minimize the risk of exploitation.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2021-21599

Affected Products

Dell EMC PowerScale OneFS