ID

VAR-202104-0671


CVE

CVE-2021-21530


TITLE

OS command injection vulnerability in Dell OpenManage Enterprise-Modular

Trust: 0.8

sources: JVNDB: JVNDB-2021-006327

DESCRIPTION

Dell OpenManage Enterprise-Modular (OME-M) versions prior to 1.30.00 contain a security bypass vulnerability. An authenticated malicious user with low privileges may potentially exploit the vulnerability to escape from the restricted environment and gain access to sensitive information in the system, resulting in information disclosure and elevation of privilege. An OS command injection vulnerability exists in Dell OpenManage Enterprise-Modular (OME-M). Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state. Dell OpenManage Enterprise is an easy-to-use one-to-many system management console for IT infrastructure management from Dell in the United States. The software enables cost-effective, comprehensive lifecycle management of Dell EMC PowerEdge servers in a single console.

Trust: 1.8

sources: NVD: CVE-2021-21530 // JVNDB: JVNDB-2021-006327 // VULHUB: VHN-379934 // VULMON: CVE-2021-21530

AFFECTED PRODUCTS

vendor: dell, model: openmanage enterprise-modular, scope: lt, version: 1.30.00

Trust: 1.0

vendor: Dell, model: dell openmanage enterprise-modular, scope: eq, version: -

Trust: 0.8

vendor: Dell, model: dell openmanage enterprise-modular, scope: eq, version: 1.30.00

Trust: 0.8

sources: JVNDB: JVNDB-2021-006327 // NVD: CVE-2021-21530

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-21530
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2021-21530
value: HIGH

Trust: 1.0

NVD: CVE-2021-21530
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202104-713
value: HIGH

Trust: 0.6

VULHUB: VHN-379934
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-21530
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-21530
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-379934
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-21530
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2021-21530
baseSeverity: HIGH
baseScore: 8.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.5
version: 3.1

Trust: 1.0

NVD: CVE-2021-21530
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-379934 // VULMON: CVE-2021-21530 // JVNDB: JVNDB-2021-006327 // CNNVD: CNNVD-202104-713 // NVD: CVE-2021-21530 // NVD: CVE-2021-21530

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype: OS command injection (CWE-78) [NVD Evaluation]

Trust: 0.8

sources: VULHUB: VHN-379934 // JVNDB: JVNDB-2021-006327 // NVD: CVE-2021-21530

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-713

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202104-713

PATCH

title: DSA-2021-060, url: https://www.dell.com/support/kbdoc/ja-jp/000185205/dsa-2020-060-dell-emc-openmanage-enterprise-modular-ome-m-security-update-for-a-bypass-vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-006327

EXTERNAL IDS

db: NVD, id: CVE-2021-21530

Trust: 3.4

db: JVNDB, id: JVNDB-2021-006327

Trust: 0.8

db: CNNVD, id: CNNVD-202104-713

Trust: 0.6

db: VULHUB, id: VHN-379934

Trust: 0.1

db: VULMON, id: CVE-2021-21530

Trust: 0.1

sources: VULHUB: VHN-379934 // VULMON: CVE-2021-21530 // JVNDB: JVNDB-2021-006327 // CNNVD: CNNVD-202104-713 // NVD: CVE-2021-21530

REFERENCES

url:https://www.dell.com/support/kbdoc/000185205

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-21530

Trust: 1.4

url:https://vigilance.fr/vulnerability/dell-openmanage-enterprise-modular-privilege-escalation-35057

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-379934 // VULMON: CVE-2021-21530 // JVNDB: JVNDB-2021-006327 // CNNVD: CNNVD-202104-713 // NVD: CVE-2021-21530

SOURCES

db: VULHUB, id: VHN-379934
db: VULMON, id: CVE-2021-21530
db: JVNDB, id: JVNDB-2021-006327
db: CNNVD, id: CNNVD-202104-713
db: NVD, id: CVE-2021-21530

LAST UPDATE DATE

2024-08-14T14:55:58.430000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-379934, date: 2021-05-10T00:00:00
db: VULMON, id: CVE-2021-21530, date: 2021-05-10T00:00:00
db: JVNDB, id: JVNDB-2021-006327, date: 2022-01-05T06:28:00
db: CNNVD, id: CNNVD-202104-713, date: 2021-05-11T00:00:00
db: NVD, id: CVE-2021-21530, date: 2021-05-10T19:30:41.963

SOURCES RELEASE DATE

db: VULHUB, id: VHN-379934, date: 2021-04-30T00:00:00
db: VULMON, id: CVE-2021-21530, date: 2021-04-30T00:00:00
db: JVNDB, id: JVNDB-2021-006327, date: 2022-01-05T00:00:00
db: CNNVD, id: CNNVD-202104-713, date: 2021-04-13T00:00:00
db: NVD, id: CVE-2021-21530, date: 2021-04-30T21:15:08.637