Details of VAR-202111-1455

ID

VAR-202111-1455

CVE

CVE-2021-36314

TITLE

Dell EMC CloudLink Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-015444

DESCRIPTION

Dell EMC CloudLink 7.1 and all prior versions contain an Arbitrary File Creation Vulnerability. A remote unauthenticated attacker, may potentially exploit this vulnerability, leading to the execution of arbitrary files on the end user system. Dell EMC CloudLink Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2021-36314 // JVNDB: JVNDB-2021-015444 // VULHUB: VHN-398198

AFFECTED PRODUCTS

vendor:	dell	model:	emc cloud link	scope:	lt	version:	7.1.1	Trust: 1.0
vendor:	デル	model:	cloudlink	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	cloudlink	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-015444 // NVD: CVE-2021-36314

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-36314
value:	CRITICAL
Trust: 1.0
security_alert@emc.com:	CVE-2021-36314
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-36314
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202111-1972
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-398198
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-36314
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-398198
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-36314
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2021-36314
baseSeverity:	HIGH
baseScore:	7.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.8
impactScore:	3.7
version:	3.1
Trust: 1.0
NVD:	CVE-2021-36314
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-398198 // JVNDB: JVNDB-2021-015444 // CNNVD: CNNVD-202111-1972 // NVD: CVE-2021-36314 // NVD: CVE-2021-36314

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-015444 // NVD: CVE-2021-36314

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-1972

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202111-1972

PATCH

title:	DSA-2021-194	url:	https://www.dell.com/support/kbdoc/ja-jp/000193031/https-dellservices-lightning-force-com-one-one-app	Trust: 0.8
title:	Dell EMC CloudLink Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=171947	Trust: 0.6

sources: JVNDB: JVNDB-2021-015444 // CNNVD: CNNVD-202111-1972

EXTERNAL IDS

db:	NVD	id:	CVE-2021-36314	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-015444	Trust: 0.8
db:	CNNVD	id:	CNNVD-202111-1972	Trust: 0.6
db:	VULHUB	id:	VHN-398198	Trust: 0.1

sources: VULHUB: VHN-398198 // JVNDB: JVNDB-2021-015444 // CNNVD: CNNVD-202111-1972 // NVD: CVE-2021-36314

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2021-36314	Trust: 1.4
url:	https://www.dell.com/support/kbdoc/en-us/000193031/https-dellservices-lightning-force-com-one-one-app	Trust: 1.1
url:	https-dellservices-lightning-force-com-one-one-app	Trust: 0.6
url:	https://www.dell.com/support/kbdoc/en-us/000193031/	Trust: 0.6

sources: VULHUB: VHN-398198 // JVNDB: JVNDB-2021-015444 // CNNVD: CNNVD-202111-1972 // NVD: CVE-2021-36314

SOURCES

db:	VULHUB	id:	VHN-398198
db:	JVNDB	id:	JVNDB-2021-015444
db:	CNNVD	id:	CNNVD-202111-1972
db:	NVD	id:	CVE-2021-36314

LAST UPDATE DATE

2024-08-14T14:18:14.010000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-398198	date:	2021-11-27T00:00:00
db:	JVNDB	id:	JVNDB-2021-015444	date:	2022-11-21T06:52:00
db:	CNNVD	id:	CNNVD-202111-1972	date:	2021-11-29T00:00:00
db:	NVD	id:	CVE-2021-36314	date:	2021-11-27T03:53:32.883

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-398198	date:	2021-11-23T00:00:00
db:	JVNDB	id:	JVNDB-2021-015444	date:	2022-11-21T00:00:00
db:	CNNVD	id:	CNNVD-202111-1972	date:	2021-11-23T00:00:00
db:	NVD	id:	CVE-2021-36314	date:	2021-11-23T20:15:11.177