Overview
- Description
- Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special elements used in an OS command. This vulnerability could allow the compadmin user to elevate privileges. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity.
- Source
- security_alert@emc.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 6.7
- Impact score
- 5.9
- Exploitability score
- 0.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.6
- Impact score
- 6.4
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:P/A:P
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:emc_powerscale_onefs:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3FA1981C-C851-4154-B0DC-E4D0C8FF719C",
"versionEndExcluding": "9.2.0",
"versionStartIncluding": "9.0.0.0"
},
{
"criteria": "cpe:2.3:o:dell:emc_powerscale_onefs:8.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FF89B320-6D5A-4E46-A1FA-FCDB31F325C4"
}
],
"operator": "OR"
}
]
}
]