PT-2022-11871 · Dell · Dell Emc Unity+1

Published

2022-01-24

Updated

2022-01-28

CVE-2021-43589

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Dell EMC Unity versions prior to 5.1.2.0.5.007 Dell EMC UnityVSA versions prior to 5.1.2.0.5.007 Dell EMC Unity XT versions prior to 5.1.2.0.5.007

Description The issue allows a locally authenticated user with high privileges to potentially exploit an operating system command injection, leading to the execution of arbitrary OS commands on the Unity underlying OS with the privileges of the vulnerable application. This may result in an elevation of privilege.

Recommendations For Dell EMC Unity, Dell EMC UnityVSA, and Dell EMC Unity XT versions prior to 5.1.2.0.5.007, update to version 5.1.2.0.5.007 or later to resolve the issue.

Fix

OS Command Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78CWE-77

Related Identifiers

CVE-2021-43589

Affected Products

Dell Emc Unity

Dell Emc Unityvsa

PT-2022-11871 · Dell · Dell Emc Unity+1

CVE-2021-43589

Weakness Enumeration

Related Identifiers

Affected Products

References · 4