CVE-2021-21562 : Vulnerability Insights and Analysis

Learn about CVE-2021-21562, where Dell EMC PowerScale OneFS is vulnerable to unauthorized path specification, allowing certain users to execute resources outside application control.

Dell EMC PowerScale OneFS contains an untrusted search path vulnerability that allows a user to provide an untrusted path leading to resources not under the application's control.

Understanding CVE-2021-21562

This CVE involves an untrusted search path vulnerability in Dell EMC PowerScale OneFS.

What is CVE-2021-21562?

The CVE-2021-21562 vulnerability in Dell EMC PowerScale OneFS allows certain users to specify an untrusted path, potentially resulting in the execution of unauthorized resources.

The Impact of CVE-2021-21562

With a CVSS base score of 4.4 (Medium), this vulnerability can be exploited by users with specific privileges to run unauthorized resources.

Technical Details of CVE-2021-21562

This section delves into the specifics of the CVE, including the vulnerability description, affected systems, and the exploitation mechanism.

Vulnerability Description

The vulnerability in Dell EMC PowerScale OneFS allows users with specific privileges to specify untrusted paths that can lead to unauthorized resource execution.

Affected Systems and Versions

The affected product is PowerScale OneFS by Dell across versions 8.1.2, 8.1.3, 9.1.0.x, and 9.0.0.x.

Exploitation Mechanism

To exploit CVE-2021-21562, an attacker needs privileges such as ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE, together with ISI_PRIV_SYS_UPGRADE or ISI_PRIV_AUDIT.

Mitigation and Prevention

In this section, find out the immediate steps to take and long-term security practices to mitigate the risks posed by CVE-2021-21562.

Immediate Steps to Take

Ensure that affected systems are updated and monitor for any unauthorized activities.

Long-Term Security Practices

Regularly review and update access privileges to prevent unauthorized path specification.
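
One way to carry out this privilege review, as an added example (not Dell's code and not part of the original page): it merges each account's privileges across all of its roles and flags accounts that hold a login privilege together with ISI_PRIV_SYS_UPGRADE or ISI_PRIV_AUDIT. It assumes the combination under Exploitation Mechanism reads as (SSH or console login) and (upgrade or audit); the role names, account names and inventory format are constructed for illustration.

```python
# Added example: find accounts whose combined role privileges match the
# combination this page names for CVE-2021-21562.
LOGIN_PRIVS = {"ISI_PRIV_LOGIN_SSH", "ISI_PRIV_LOGIN_CONSOLE"}
SECOND_PRIVS = {"ISI_PRIV_SYS_UPGRADE", "ISI_PRIV_AUDIT"}

# Constructed inventory (hypothetical roles and accounts), standing in for
# an export of the cluster's role definitions.
ROLES = {
    "UpgradeOps": {"privileges": {"ISI_PRIV_SYS_UPGRADE"},
                   "members": {"alice", "svc_patch"}},
    "ShellUsers": {"privileges": {"ISI_PRIV_LOGIN_SSH"},
                   "members": {"alice", "bob"}},
    "Auditors": {"privileges": {"ISI_PRIV_AUDIT"}, "members": {"carol"}},
    "ConsoleOps": {"privileges": {"ISI_PRIV_LOGIN_CONSOLE"},
                   "members": {"carol"}},
}

def effective_privileges(roles):
    """Union each member's privileges across every role they belong to."""
    effective = {}
    for role in roles.values():
        for member in role["members"]:
            effective.setdefault(member, set()).update(role["privileges"])
    return effective

def exposed_accounts(roles):
    """Map account -> (login privs, second privs) when both groups are held."""
    findings = {}
    for account, privs in effective_privileges(roles).items():
        login, second = privs & LOGIN_PRIVS, privs & SECOND_PRIVS
        if login and second:  # no single role needs to grant both
            findings[account] = (sorted(login), sorted(second))
    return findings

def contributing_roles(roles, account):
    """Roles that give the account any privilege from the combination."""
    relevant = LOGIN_PRIVS | SECOND_PRIVS
    return sorted(name for name, role in roles.items()
                  if account in role["members"] and role["privileges"] & relevant)

if __name__ == "__main__":
    for account, (login, second) in sorted(exposed_accounts(ROLES).items()):
        print(account, login, second, "via", contributing_roles(ROLES, account))
```

Accounts such as `svc_patch` and `bob` in the sample are not flagged because each holds only one half of the combination; the check matters most where the two halves arrive through different roles.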

Patching and Updates

Apply patches and updates provided by Dell to address the untrusted search path vulnerability in PowerScale OneFS.
