CVE-2021-36296

Published Jan 25, 2022

Last updated 3 years ago

CVSS high 7.2

Overview

Description: Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authenticated remote code execution vulnerability. A remote malicious user with privileges may exploit this vulnerability to execute commands on the system.
Source: security_alert@emc.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.2
Impact score: 5.9
Exploitability score: 1.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 9
Impact score: 10
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-78
security_alert@emc.com: CWE-78

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:dell:emc_unity_operating_environment:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DCF2F423-762A-4FB0-9C78-665719437611",
            "versionEndIncluding": "8.1.21.266"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dell:vnx_vg10:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "97AAC263-26AA-46D3-99ED-1FC122680E9B"
          },
          {
            "criteria": "cpe:2.3:h:dell:vnx_vg50:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E6E09A30-8E1B-4FDE-9EAB-FD97297223E8"
          },
          {
            "criteria": "cpe:2.3:h:dell:vnx5200:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "8048D181-E5D8-434C-AEBD-F6AC5A39E196"
          },
          {
            "criteria": "cpe:2.3:h:dell:vnx5400:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E0D31CA9-BA67-49D7-B079-43A78E15E9F7"
          },
          {
            "criteria": "cpe:2.3:h:dell:vnx5600:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BF50C06E-3275-4DE3-9A1E-B713EC71BFE9"
          },
          {
            "criteria": "cpe:2.3:h:dell:vnx5800:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E086C5AD-C7DC-4C8C-9690-58AB91BA4484"
          },
          {
            "criteria": "cpe:2.3:h:dell:vnx7600:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "69CB6012-801D-4A0E-B260-A056FBA2ECE9"
          },
          {
            "criteria": "cpe:2.3:h:dell:vnx8000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F02386BF-9508-4913-90E4-AEC7F3A7C5E1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References