PT-2021-4218 · Dell · Dell Vnx2 Oe For File
Guillaume Quéré
·
Published
2021-09-07
·
Updated
2022-01-31
·
CVE-2021-36294
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Dell VNX2 OE for File versions 8.1.21.266 and earlier
Description
The issue is related to weaknesses in the authentication mechanism of the Dell VNX2 storage system. This can allow a remote attacker to gain unauthorized access to protected information by exploiting the authentication bypass vulnerability. The attacker may forge a cookie to login as any user.
Recommendations
For Dell VNX2 OE for File versions 8.1.21.266 and earlier, consider disabling the authentication mechanism temporarily until a patch is available. Restrict access to the system to minimize the risk of exploitation. Avoid using forged cookies in the affected system until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Use of Insufficiently Random Values
Improper Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Dell Vnx2 Oe For File