ID

VAR-202111-1433


CVE

CVE-2021-36313


TITLE

OS command injection vulnerability in Dell EMC CloudLink

Trust: 0.8

sources: JVNDB: JVNDB-2021-015360

DESCRIPTION

Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection vulnerability. A remote, highly privileged attacker may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker. This vulnerability is considered critical as it may be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends that customers upgrade at the earliest opportunity. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2021-36313 // JVNDB: JVNDB-2021-015360 // VULHUB: VHN-398197

AFFECTED PRODUCTS

vendor: dell, model: cloudlink, scope: lt, version: 7.1.1

Trust: 1.0

vendor: Dell, model: cloudlink, scope: eq, version: -

Trust: 0.8

vendor: Dell, model: cloudlink, scope: lte, version: 7.1 and earlier

Trust: 0.8

sources: JVNDB: JVNDB-2021-015360 // NVD: CVE-2021-36313

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-36313
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2021-36313
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-36313
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202111-1985
value: HIGH

Trust: 0.6

VULHUB: VHN-398197
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-36313
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-398197
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-36313
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2021-36313
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.3
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2021-36313
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-398197 // JVNDB: JVNDB-2021-015360 // CNNVD: CNNVD-202111-1985 // NVD: CVE-2021-36313 // NVD: CVE-2021-36313

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.1

problemtype: CWE-74

Trust: 1.0

problemtype: OS Command injection (CWE-78) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-398197 // JVNDB: JVNDB-2021-015360 // NVD: CVE-2021-36313

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-1985

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202111-1985

PATCH

title: DSA-2021-194
url: https://www.dell.com/support/kbdoc/ja-jp/000193031/https-dellservices-lightning-force-com-one-one-app

Trust: 0.8

title: Dell EMC CloudLink Fixes for operating system command injection vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=171310

Trust: 0.6

sources: JVNDB: JVNDB-2021-015360 // CNNVD: CNNVD-202111-1985

EXTERNAL IDS

db: NVD, id: CVE-2021-36313

Trust: 3.3

db: JVNDB, id: JVNDB-2021-015360

Trust: 0.8

db: CNNVD, id: CNNVD-202111-1985

Trust: 0.6

db: VULHUB, id: VHN-398197

Trust: 0.1

sources: VULHUB: VHN-398197 // JVNDB: JVNDB-2021-015360 // CNNVD: CNNVD-202111-1985 // NVD: CVE-2021-36313

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2021-36313

Trust: 1.4

url:https://www.dell.com/support/kbdoc/en-us/000193031/https-dellservices-lightning-force-com-one-one-app

Trust: 1.1

url:https-dellservices-lightning-force-com-one-one-app

Trust: 0.6

url:https://www.dell.com/support/kbdoc/en-us/000193031/

Trust: 0.6

sources: VULHUB: VHN-398197 // JVNDB: JVNDB-2021-015360 // CNNVD: CNNVD-202111-1985 // NVD: CVE-2021-36313

SOURCES

db: VULHUB, id: VHN-398197
db: JVNDB, id: JVNDB-2021-015360
db: CNNVD, id: CNNVD-202111-1985
db: NVD, id: CVE-2021-36313

LAST UPDATE DATE

2024-08-14T15:37:50.995000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-398197, date: 2021-11-24T00:00:00
db: JVNDB, id: JVNDB-2021-015360, date: 2022-11-18T02:25:00
db: CNNVD, id: CNNVD-202111-1985, date: 2021-11-25T00:00:00
db: NVD, id: CVE-2021-36313, date: 2021-11-24T20:02:05.263

SOURCES RELEASE DATE

db: VULHUB, id: VHN-398197, date: 2021-11-23T00:00:00
db: JVNDB, id: JVNDB-2021-015360, date: 2022-11-18T00:00:00
db: CNNVD, id: CNNVD-202111-1985, date: 2021-11-23T00:00:00
db: NVD, id: CVE-2021-36313, date: 2021-11-23T20:15:11.110