CVE-2021-36290

Published: Apr 8, 2022Modified: Nov 21, 2024

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain privileges.

Affected (1)

Products: Dell: Emc Unity Operating Environment

Dell

1 product

Emc Unity Operating Environment

Configuration A

1 vulnerable · 9 platform

Vulnerable Software	Affected Versions
Dell Emc Unity Operating Environment	Up to 8.1.21.266

Running on/with	Platform Versions
Dell Vnx5200	All versions
Dell Vnx5400	All versions
Dell Vnx5600	All versions
Dell Vnx5800	All versions
Dell Vnx7600	All versions
Dell Vnx8000	All versions
Dell Vnx Vg10	All versions
Dell Vnx Vg50	All versions
Dell Vnxe1600	All versions

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (2)

https://www.dell.com/support/kbdoc/en-us/000191155/dsa-2021-164-dell-vnx2-control-station-security-update-for-multiple-vulnerabilities

Source: security_alert@emc.com

Vendor Advisory

https://www.dell.com/support/kbdoc/en-us/000191155/dsa-2021-164-dell-vnx2-control-station-security-update-for-multiple-vulnerabilities

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.