CVE-2021-21502

Published: Feb 9, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a "use of SSH key past account expiration" vulnerability. A user on the network with the ISI_PRIV_AUTH_SSH RBAC privilege that has an expired account may potentially exploit this vulnerability, giving them access to the same things they had before account expiration. This may by a high privileged account and hence Dell recommends customers upgrade at the earliest opportunity.

Affected (8)

Products: Dell: Emc Powerscale Onefs

Dell

1 product

Emc Powerscale Onefs

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Dell Emc Powerscale Onefs	Version 8.1.0
Dell Emc Powerscale Onefs	Version 8.1.1
Dell Emc Powerscale Onefs	Version 8.1.2
Dell Emc Powerscale Onefs	Version 8.2.0
Dell Emc Powerscale Onefs	Version 8.2.1
Dell Emc Powerscale Onefs	Version 8.2.2
Dell Emc Powerscale Onefs	Version 9.0.0
Dell Emc Powerscale Onefs	Version 9.1.0

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities

Source: security_alert@emc.com

Vendor Advisory

https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.