CVE-2021-36289 - OpenCVE

Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Dell	Vnx8000 Vnx Vg50 Vnx5800 Vnx5200 Vnx5600 Vnx5400 Vnx Vg10 Vnx7600 Emc Unity Operating Environment

Configuration 1 [-]

AND

cpe:2.3:a:dell:emc_unity_operating_environment:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:dell:vnx_vg10:-:::::::*
	cpe:2.3:h:dell:vnx_vg50:-:::::::*
	cpe:2.3:h:dell:vnx5200:-:::::::*
	cpe:2.3:h:dell:vnx5400:-:::::::*
	cpe:2.3:h:dell:vnx5600:-:::::::*
	cpe:2.3:h:dell:vnx5800:-:::::::*
	cpe:2.3:h:dell:vnx7600:-:::::::*
	cpe:2.3:h:dell:vnx8000:-:::::::*

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000191155/dsa-2021-164-dell-vnx2-control-station-security-update-for-multiple-vulnerabilities	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: dell

Published: 2021-09-07T00:00:00

Updated: 2022-01-25T22:15:19

Reserved: 2021-07-08T00:00:00

Link: CVE-2021-36289

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-01-25T23:15:08.500

Modified: 2022-01-31T21:29:50.980

Link: CVE-2021-36289

JSON object: View

Redhat Information

No data.

CWE

CWE-532

{"containers": {"cna": {"affected": [{"product": "VNX Control Station", "vendor": "Dell", "versions": [{"lessThan": "TBD", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2021-09-07T00:00:00", "descriptions": [{"lang": "en", "value": "Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532: Information Exposure Through Log Files", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-01-25T22:15:19", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.dell.com/support/kbdoc/en-us/000191155/dsa-2021-164-dell-vnx2-control-station-security-update-for-multiple-vulnerabilities"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@dell.com", "DATE_PUBLIC": "2021-09-07", "ID": "CVE-2021-36289", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "VNX Control Station", "version": {"version_data": [{"version_affected": "<", "version_value": "TBD"}]}}]}, "vendor_name": "Dell"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it."}]}, "impact": {"cvss": {"baseScore": 7.8, "baseSeverity": "High", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-532: Information Exposure Through Log Files"}]}]}, "references": {"reference_data": [{"name": "https://www.dell.com/support/kbdoc/en-us/000191155/dsa-2021-164-dell-vnx2-control-station-security-update-for-multiple-vulnerabilities", "refsource": "MISC", "url": "https://www.dell.com/support/kbdoc/en-us/000191155/dsa-2021-164-dell-vnx2-control-station-security-update-for-multiple-vulnerabilities"}]}}}}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2021-36289", "datePublished": "2021-09-07T00:00:00", "dateReserved": "2021-07-08T00:00:00", "dateUpdated": "2022-01-25T22:15:19", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:emc_unity_operating_environment:*:*:*:*:*:*:*:*", "matchCriteriaId": "DCF2F423-762A-4FB0-9C78-665719437611", "versionEndIncluding": "8.1.21.266", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:dell:vnx_vg10:-:*:*:*:*:*:*:*", "matchCriteriaId": "97AAC263-26AA-46D3-99ED-1FC122680E9B", "vulnerable": false}, {"criteria": "cpe:2.3:h:dell:vnx_vg50:-:*:*:*:*:*:*:*", "matchCriteriaId": "E6E09A30-8E1B-4FDE-9EAB-FD97297223E8", "vulnerable": false}, {"criteria": "cpe:2.3:h:dell:vnx5200:-:*:*:*:*:*:*:*", "matchCriteriaId": "8048D181-E5D8-434C-AEBD-F6AC5A39E196", "vulnerable": false}, {"criteria": "cpe:2.3:h:dell:vnx5400:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0D31CA9-BA67-49D7-B079-43A78E15E9F7", "vulnerable": false}, {"criteria": "cpe:2.3:h:dell:vnx5600:-:*:*:*:*:*:*:*", "matchCriteriaId": "BF50C06E-3275-4DE3-9A1E-B713EC71BFE9", "vulnerable": false}, {"criteria": "cpe:2.3:h:dell:vnx5800:-:*:*:*:*:*:*:*", "matchCriteriaId": "E086C5AD-C7DC-4C8C-9690-58AB91BA4484", "vulnerable": false}, {"criteria": "cpe:2.3:h:dell:vnx7600:-:*:*:*:*:*:*:*", "matchCriteriaId": "69CB6012-801D-4A0E-B260-A056FBA2ECE9", "vulnerable": false}, {"criteria": "cpe:2.3:h:dell:vnx8000:-:*:*:*:*:*:*:*", "matchCriteriaId": "F02386BF-9508-4913-90E4-AEC7F3A7C5E1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information and use it."}, {"lang": "es", "value": "Dell VNX2 OE for File versiones 8.1.21.266 y anteriores, contienen una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n confidencial. Un usuario local malicioso puede aprovechar esta vulnerabilidad para leer informaci\u00f3n confidencial y usarla"}], "id": "CVE-2021-36289", "lastModified": "2022-01-31T21:29:50.980", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2022-01-25T23:15:08.500", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/en-us/000191155/dsa-2021-164-dell-vnx2-control-station-security-update-for-multiple-vulnerabilities"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-532"}], "source": "security_alert@emc.com", "type": "Secondary"}]}