PT-2021-21215 · Dell Emc · Dell Emc Cloudlink

Published: 2021-11-23 · Updated: 2021-11-24

CVE-2021-36313

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Dell EMC CloudLink versions 7.1 and all prior versions
Description: The issue allows a remote, high-privileged attacker to potentially exploit an OS command injection vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS with the privileges of the vulnerable application. This could result in a system takeover by an attacker and is considered critical as it may compromise both the vulnerable application and the underlying operating system.
Recommendations: For Dell EMC CloudLink versions 7.1 and all prior versions, upgrade to a newer version at the earliest opportunity to resolve the issue. As a temporary workaround, consider restricting access to the application to minimize the risk of exploitation.

Fix

Special Elements Injection

OS Command Injection

Weakness Enumeration

Related Identifiers: CVE-2021-36313

Affected Products: Dell Emc Cloudlink