CVE-2021-36339 - OpenCVE

The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Dell	Solutions Enabler Vasa Unisphere 360 Unisphere For Powermax Solutions Enabler Virtual Appliance Powermax Os Unisphere For Powermax Virtual Appliance

Configuration 1 [-]

OR	cpe:2.3:a:dell:solutions_enabler::::::::
	cpe:2.3:a:dell:solutions_enabler::::::::
	cpe:2.3:a:dell:solutions_enabler_virtual_appliance::::::::
	cpe:2.3:a:dell:solutions_enabler_virtual_appliance::::::::
	cpe:2.3:a:dell:unisphere_360::::::::
	cpe:2.3:a:dell:unisphere_360::::::::
	cpe:2.3:a:dell:unisphere_for_powermax::::::::
	cpe:2.3:a:dell:unisphere_for_powermax::::::::
	cpe:2.3:a:dell:unisphere_for_powermax_virtual_appliance::::::::
	cpe:2.3:a:dell:unisphere_for_powermax_virtual_appliance::::::::
	cpe:2.3:a:dell:vasa::::::::
	cpe:2.3:a:dell:vasa::::::::
	cpe:2.3:o:dell:powermax_os:5978:::::::*

References

Link	Resource
https://www.dell.com/support/kbdoc/000194640	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: dell

Published: 2021-12-19T00:00:00

Updated: 2022-01-21T20:15:18

Reserved: 2021-07-08T00:00:00

Link: CVE-2021-36339

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-01-21T21:15:08.563

Modified: 2022-10-27T11:44:58.323

Link: CVE-2021-36339

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Solutions Enabler vApp", "vendor": "Dell", "versions": [{"lessThan": "9.2.2.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2021-12-19T00:00:00", "descriptions": [{"lang": "en", "value": "The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-250", "description": "CWE-250: Execution with Unnecessary Privileges", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-01-21T20:15:18", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.dell.com/support/kbdoc/000194640"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@dell.com", "DATE_PUBLIC": "2021-12-19", "ID": "CVE-2021-36339", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Solutions Enabler vApp", "version": {"version_data": [{"version_affected": "<", "version_value": "9.2.2.2"}]}}]}, "vendor_name": "Dell"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance."}]}, "impact": {"cvss": {"baseScore": 7.8, "baseSeverity": "High", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-250: Execution with Unnecessary Privileges"}]}]}, "references": {"reference_data": [{"name": "https://www.dell.com/support/kbdoc/000194640", "refsource": "MISC", "url": "https://www.dell.com/support/kbdoc/000194640"}]}}}}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2021-36339", "datePublished": "2021-12-19T00:00:00", "dateReserved": "2021-07-08T00:00:00", "dateUpdated": "2022-01-21T20:15:18", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:solutions_enabler:*:*:*:*:*:*:*:*", "matchCriteriaId": "515FA8C1-EBE4-4C95-A4F0-490A9253CBDC", "versionEndExcluding": "9.1.0.18", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:solutions_enabler:*:*:*:*:*:*:*:*", "matchCriteriaId": "0B69897E-9004-4C03-BE06-55587AEE5988", "versionEndExcluding": "9.2.3.0", "versionStartIncluding": "9.2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:solutions_enabler_virtual_appliance:*:*:*:*:*:*:*:*", "matchCriteriaId": "019DA7BB-C234-430B-AC32-2E814E0891DF", "versionEndExcluding": "9.1.0.18", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:solutions_enabler_virtual_appliance:*:*:*:*:*:*:*:*", "matchCriteriaId": "428D83E3-D8EC-4219-9B75-E9758EB00210", "versionEndExcluding": "9.2.3.0", "versionStartIncluding": "9.2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:unisphere_360:*:*:*:*:*:*:*:*", "matchCriteriaId": "2EE42B7D-E49F-44F3-829E-BA72F1D42F7F", "versionEndExcluding": "9.1.0.29", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:unisphere_360:*:*:*:*:*:*:*:*", "matchCriteriaId": "B164012E-60A3-48C6-BEB6-925A1F210BA1", "versionEndExcluding": "9.2.3.3", "versionStartIncluding": "9.2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:unisphere_for_powermax:*:*:*:*:*:*:*:*", "matchCriteriaId": "B34D944B-D1B6-4B10-9120-BBFC0CC244BA", "versionEndExcluding": "9.1.0.31", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:unisphere_for_powermax:*:*:*:*:*:*:*:*", "matchCriteriaId": "A1778817-3C6F-4448-A30E-2A63FC1113CA", "versionEndExcluding": "9.2.3.4", "versionStartIncluding": "9.2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:unisphere_for_powermax_virtual_appliance:*:*:*:*:*:*:*:*", "matchCriteriaId": "C672671E-0F6F-4501-8842-3BAB7A042DC5", "versionEndExcluding": "9.1.0.31", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:unisphere_for_powermax_virtual_appliance:*:*:*:*:*:*:*:*", "matchCriteriaId": "72F83DE8-B2E7-4E27-8863-4AB2FCA3ABA9", "versionEndExcluding": "9.2.3.4", "versionStartIncluding": "9.2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:vasa:*:*:*:*:*:*:*:*", "matchCriteriaId": "D50A0BBF-0D40-433E-92AD-E30768920733", "versionEndExcluding": "9.1.0.723", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:vasa:*:*:*:*:*:*:*:*", "matchCriteriaId": "620ABE76-5646-455C-93C8-F6009C4E668D", "versionEndExcluding": "9.2.3.0", "versionStartIncluding": "9.2.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:dell:powermax_os:5978:*:*:*:*:*:*:*", "matchCriteriaId": "43696C46-48E8-43E4-9387-77CE1B2BD401", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance."}, {"lang": "es", "value": "Los dispositivos virtuales de Dell EMC versiones anteriores a 9.2.2.2, contienen cuentas de usuario no documentadas. Un usuario local malicioso puede explotar potencialmente esta vulnerabilidad para conseguir acceso privilegiado al dispositivo virtual"}], "id": "CVE-2021-36339", "lastModified": "2022-10-27T11:44:58.323", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2022-01-21T21:15:08.563", "references": [{"source": "security_alert@emc.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/000194640"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-250"}], "source": "security_alert@emc.com", "type": "Secondary"}]}