PT-2021-7427 · Dell · Dell PowerScale OneFS
Published 2021-02-08 · Updated 2022-07-12 · CVE-2021-21502
| CVSS v2.0 | 10 (Critical) |
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Dell PowerScale OneFS versions 8.1.0 through 9.1.0
Description
Dell PowerScale OneFS versions 8.1.0 through 9.1.0 contain an authentication flaw affecting accounts whose expiry date has passed. A user on the network who holds the ISI_PRIV_AUTH_SSH RBAC privilege and whose account has expired can still authenticate and retains the privileges the account had before it expired, potentially including those of high-privileged accounts. A remote attacker in that position could use this to gain unauthorized access to protected information.
Recommendations
For Dell PowerScale OneFS versions 8.1.0 through 9.1.0, upgrade to a newer version at the earliest opportunity to resolve the issue. As a temporary workaround, restrict the ISI_PRIV_AUTH_SSH RBAC privilege to the smallest set of users that needs it, which reduces the number of expired accounts that could still authenticate.
Weakness Enumeration
Improper Authentication
Related Identifiers
CVE-2021-21502
Affected Products
Dell PowerScale OneFS