ID

VAR-202104-0667


CVE

CVE-2021-21524


TITLE

Dell EMC Storage Resource Manager Code problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-653

DESCRIPTION

Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5.0.1 contain an Untrusted Deserialization Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to arbitrary privileged code execution on the vulnerable application. The severity is Critical as this may lead to system compromise by unauthenticated attackers. Dell EMC Storage Resource Manager is an application from Dell: a comprehensive monitoring and reporting solution that helps IT visualize, analyze and optimize today's storage infrastructure while providing a management framework to support investments in software-defined storage.

Trust: 1.08

sources: NVD: CVE-2021-21524 // VULHUB: VHN-379928 // VULMON: CVE-2021-21524

AFFECTED PRODUCTS

vendor: dell | model: storage resource manager | scope: lt | version: 4.5.0.1

Trust: 1.0

vendor: dell | model: storage monitoring and reporting | scope: lt | version: 4.5.0.1

Trust: 1.0

sources: NVD: CVE-2021-21524

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-21524
value: CRITICAL

Trust: 1.0

security_alert@emc.com: CVE-2021-21524
value: CRITICAL

Trust: 1.0

CNNVD: CNNVD-202104-653
value: CRITICAL

Trust: 0.6

VULHUB: VHN-379928
value: HIGH

Trust: 0.1

VULMON: CVE-2021-21524
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2021-21524
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-379928
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2021-21524
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2021-21524
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-379928 // VULMON: CVE-2021-21524 // CNNVD: CNNVD-202104-653 // NVD: CVE-2021-21524 // NVD: CVE-2021-21524

PROBLEMTYPE DATA

problemtype: CWE-502

Trust: 1.1

sources: VULHUB: VHN-379928 // NVD: CVE-2021-21524

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-653

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202104-653

PATCH

title: Dell EMC Storage Resource Manager Repair measures for deserialization vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=147227

Trust: 0.6

sources: CNNVD: CNNVD-202104-653

EXTERNAL IDS

db: NVD | id: CVE-2021-21524

Trust: 1.8

db: CNNVD | id: CNNVD-202104-653

Trust: 0.6

db: VULHUB | id: VHN-379928

Trust: 0.1

db: VULMON | id: CVE-2021-21524

Trust: 0.1

sources: VULHUB: VHN-379928 // VULMON: CVE-2021-21524 // CNNVD: CNNVD-202104-653 // NVD: CVE-2021-21524

REFERENCES

url: https://www.dell.com/support/kbdoc/en-us/000184753/dsa-2021-054-dell-emc-srm-and-dell-emc-storage-monitoring-and-reporting-smr-security-update-for-multiple-vulnerabilities

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2021-21524

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/502.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-379928 // VULMON: CVE-2021-21524 // CNNVD: CNNVD-202104-653 // NVD: CVE-2021-21524

SOURCES

db: VULHUB | id: VHN-379928
db: VULMON | id: CVE-2021-21524
db: CNNVD | id: CNNVD-202104-653
db: NVD | id: CVE-2021-21524

LAST UPDATE DATE

2024-11-23T21:34:42.836000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-379928 | date: 2021-04-22T00:00:00
db: VULMON | id: CVE-2021-21524 | date: 2021-04-22T00:00:00
db: CNNVD | id: CNNVD-202104-653 | date: 2021-04-23T00:00:00
db: NVD | id: CVE-2021-21524 | date: 2024-11-21T05:48:31.380

SOURCES RELEASE DATE

db: VULHUB | id: VHN-379928 | date: 2021-04-12T00:00:00
db: VULMON | id: CVE-2021-21524 | date: 2021-04-12T00:00:00
db: CNNVD | id: CNNVD-202104-653 | date: 2021-04-12T00:00:00
db: NVD | id: CVE-2021-21524 | date: 2021-04-12T20:15:11.680