Details of VAR-202107-0573

ID

VAR-202107-0573

CVE

CVE-2021-21587

TITLE

Dell Wyse Management Suite Vulnerability regarding information leakage in

Trust: 0.8

sources: JVNDB: JVNDB-2021-010102

DESCRIPTION

Dell Wyse Management Suite versions 3.2 and earlier contain a full path disclosure vulnerability. A local unauthenticated attacker could exploit this vulnerability in order to obtain the path of files and folders. The offering includes Wyse endpoint centralized management, asset tracking and automatic device discovery

Trust: 1.8

sources: NVD: CVE-2021-21587 // JVNDB: JVNDB-2021-010102 // VULHUB: VHN-379991 // VULMON: CVE-2021-21587

AFFECTED PRODUCTS

vendor:	dell	model:	wyse management suite	scope:	lte	version:	3.2	Trust: 1.0
vendor:	デル	model:	dell wyse management suite	scope:	lte	version:	3.2 and earlier	Trust: 0.8
vendor:	デル	model:	dell wyse management suite	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-010102 // NVD: CVE-2021-21587

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-21587
value:	LOW
Trust: 1.0
security_alert@emc.com:	CVE-2021-21587
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-21587
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-202107-1093
value:	LOW
Trust: 0.6
VULHUB:	VHN-379991
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-21587
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-379991
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-21587
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	1.4
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2021-21587
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2021-21587
baseSeverity:	LOW
baseScore:	3.3
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-379991 // JVNDB: JVNDB-2021-010102 // CNNVD: CNNVD-202107-1093 // NVD: CVE-2021-21587 // NVD: CVE-2021-21587

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.1
problemtype:	information leak (CWE-200) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-379991 // JVNDB: JVNDB-2021-010102 // NVD: CVE-2021-21587

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202107-1093

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202107-1093

PATCH

title:	DSA-2021-137	url:	https://www.dell.com/support/kbdoc/000189363	Trust: 0.8
title:	Dell Wyse Management Suite Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=158186	Trust: 0.6

sources: JVNDB: JVNDB-2021-010102 // CNNVD: CNNVD-202107-1093

EXTERNAL IDS

db:	NVD	id:	CVE-2021-21587	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-010102	Trust: 0.8
db:	CNNVD	id:	CNNVD-202107-1093	Trust: 0.6
db:	CNVD	id:	CNVD-2021-51471	Trust: 0.1
db:	VULHUB	id:	VHN-379991	Trust: 0.1
db:	VULMON	id:	CVE-2021-21587	Trust: 0.1

sources: VULHUB: VHN-379991 // VULMON: CVE-2021-21587 // JVNDB: JVNDB-2021-010102 // CNNVD: CNNVD-202107-1093 // NVD: CVE-2021-21587

REFERENCES

url:	https://www.dell.com/support/kbdoc/000189363	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21587	Trust: 0.8
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://research.nccgroup.com/2021/07/06/technical-advisory-arbitrary-file-read-in-dell-wyse-management-suite-cve-2021-21586-cve-2021-21587/	Trust: 0.1

sources: VULHUB: VHN-379991 // VULMON: CVE-2021-21587 // JVNDB: JVNDB-2021-010102 // CNNVD: CNNVD-202107-1093 // NVD: CVE-2021-21587

SOURCES

db:	VULHUB	id:	VHN-379991
db:	VULMON	id:	CVE-2021-21587
db:	JVNDB	id:	JVNDB-2021-010102
db:	CNNVD	id:	CNNVD-202107-1093
db:	NVD	id:	CVE-2021-21587

LAST UPDATE DATE

2024-08-14T15:38:00.555000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-379991	date:	2021-07-31T00:00:00
db:	VULMON	id:	CVE-2021-21587	date:	2021-07-15T00:00:00
db:	JVNDB	id:	JVNDB-2021-010102	date:	2022-06-17T06:01:00
db:	CNNVD	id:	CNNVD-202107-1093	date:	2021-08-02T00:00:00
db:	NVD	id:	CVE-2021-21587	date:	2021-07-31T01:12:32.783

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-379991	date:	2021-07-15T00:00:00
db:	VULMON	id:	CVE-2021-21587	date:	2021-07-15T00:00:00
db:	JVNDB	id:	JVNDB-2021-010102	date:	2022-06-17T00:00:00
db:	CNNVD	id:	CNNVD-202107-1093	date:	2021-07-15T00:00:00
db:	NVD	id:	CVE-2021-21587	date:	2021-07-15T17:15:08.197