Details of VAR-202112-2521

ID

VAR-202112-2521

CVE

CVE-2021-36338

TITLE

plural Dell EMC Lack of verification and integrity checks on products Cookie Dependency vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-018029

DESCRIPTION

Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. CVE-2022-31233 addresses the partial fix in CVE-2021-36338. plural Dell EMC Products have not undergone verification and integrity checks Cookie There is a vulnerability related to dependency on.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. DELL Dell EMC Unisphere for PowerMax is a set of graphical management tools for PowerMax storage arrays developed by Dell (DELL). Dell EMC Unisphere for PowerMax has a security vulnerability that could be exploited by an attacker to elevate privileges

Trust: 1.71

sources: NVD: CVE-2021-36338 // JVNDB: JVNDB-2021-018029 // VULHUB: VHN-398222

AFFECTED PRODUCTS

vendor:	dell	model:	unisphere for powermax	scope:	lt	version:	9.2.3.4	Trust: 1.0
vendor:	dell	model:	unisphere for powermax virtual appliance	scope:	lt	version:	9.2.3.4	Trust: 1.0
vendor:	dell	model:	powermax os	scope:	eq	version:	5978	Trust: 1.0
vendor:	dell	model:	unisphere 360	scope:	lt	version:	9.1.0.29	Trust: 1.0
vendor:	dell	model:	solutions enabler	scope:	lt	version:	9.2.3.0	Trust: 1.0
vendor:	dell	model:	unisphere 360	scope:	gte	version:	9.2.0.0	Trust: 1.0
vendor:	dell	model:	vasa	scope:	lt	version:	9.1.0.723	Trust: 1.0
vendor:	dell	model:	vasa	scope:	lt	version:	9.2.3.0	Trust: 1.0
vendor:	dell	model:	unisphere 360	scope:	lt	version:	9.2.3.3	Trust: 1.0
vendor:	dell	model:	solutions enabler	scope:	gte	version:	9.2.0.0	Trust: 1.0
vendor:	dell	model:	solutions enabler virtual appliance	scope:	lt	version:	9.2.3.0	Trust: 1.0
vendor:	dell	model:	vasa	scope:	gte	version:	9.2.0.0	Trust: 1.0
vendor:	dell	model:	solutions enabler virtual appliance	scope:	gte	version:	9.2.0.0	Trust: 1.0
vendor:	dell	model:	unisphere for powermax virtual appliance	scope:	gte	version:	9.2.0.0	Trust: 1.0
vendor:	dell	model:	unisphere for powermax virtual appliance	scope:	lt	version:	9.1.0.31	Trust: 1.0
vendor:	dell	model:	unisphere for powermax	scope:	lt	version:	9.1.0.31	Trust: 1.0
vendor:	dell	model:	solutions enabler	scope:	lt	version:	9.1.0.18	Trust: 1.0
vendor:	dell	model:	solutions enabler virtual appliance	scope:	lt	version:	9.1.0.18	Trust: 1.0
vendor:	dell	model:	unisphere for powermax	scope:	gte	version:	9.2.0.0	Trust: 1.0
vendor:	デル	model:	dell unisphere for powermax virtual appliance	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	dell solutions enabler	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	dell unisphere for powermax	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	dell powermax os	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	solutions enabler virtual appliance	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	unisphere 360	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	vasa	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-018029 // NVD: CVE-2021-36338

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-36338
value:	HIGH
Trust: 1.0
security_alert@emc.com:	CVE-2021-36338
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-36338
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202112-2209
value:	HIGH
Trust: 0.6
VULHUB:	VHN-398222
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-36338
severity:	MEDIUM
baseScore:	5.2
vectorString:	AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	5.1
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-398222
severity:	MEDIUM
baseScore:	5.2
vectorString:	AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	5.1
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-36338
baseSeverity:	HIGH
baseScore:	8.0
vectorString:	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.1
impactScore:	5.9
version:	3.1
Trust: 1.0
security_alert@emc.com:	CVE-2021-36338
baseSeverity:	MEDIUM
baseScore:	6.3
vectorString:	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.1
impactScore:	4.2
version:	3.1
Trust: 1.0
NVD:	CVE-2021-36338
baseSeverity:	HIGH
baseScore:	8.0
vectorString:	CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-398222 // JVNDB: JVNDB-2021-018029 // CNNVD: CNNVD-202112-2209 // NVD: CVE-2021-36338 // NVD: CVE-2021-36338

PROBLEMTYPE DATA

problemtype:	CWE-565	Trust: 1.1
problemtype:	CWE-602	Trust: 1.0
problemtype:	No validation and integrity checks Cookie Dependence on (CWE-565) [NVD evaluation ]	Trust: 0.8
problemtype:	CWE-669	Trust: 0.1

sources: VULHUB: VHN-398222 // JVNDB: JVNDB-2021-018029 // NVD: CVE-2021-36338

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202112-2209

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202112-2209

PATCH

title:	DSA-2021-226	url:	https://www.dell.com/support/kbdoc/ja-jp/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embed	Trust: 0.8
title:	Dell EMC Unisphere for PowerMax Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=175675	Trust: 0.6

sources: JVNDB: JVNDB-2021-018029 // CNNVD: CNNVD-202112-2209

EXTERNAL IDS

db:	NVD	id:	CVE-2021-36338	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-018029	Trust: 0.8
db:	CNNVD	id:	CNNVD-202112-2209	Trust: 0.7
db:	CNVD	id:	CNVD-2022-06904	Trust: 0.1
db:	VULHUB	id:	VHN-398222	Trust: 0.1

sources: VULHUB: VHN-398222 // JVNDB: JVNDB-2021-018029 // CNNVD: CNNVD-202112-2209 // NVD: CVE-2021-36338

REFERENCES

url:	https://www.dell.com/support/kbdoc/000194640	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-36338	Trust: 1.4
url:	https://vigilance.fr/vulnerability/dell-emc-unisphere-for-powermax-privilege-escalation-37122	Trust: 0.6

sources: VULHUB: VHN-398222 // JVNDB: JVNDB-2021-018029 // CNNVD: CNNVD-202112-2209 // NVD: CVE-2021-36338

SOURCES

db:	VULHUB	id:	VHN-398222
db:	JVNDB	id:	JVNDB-2021-018029
db:	CNNVD	id:	CNNVD-202112-2209
db:	NVD	id:	CVE-2021-36338

LAST UPDATE DATE

2024-08-14T14:50:01.417000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-398222	date:	2022-12-09T00:00:00
db:	JVNDB	id:	JVNDB-2021-018029	date:	2023-03-20T03:49:00
db:	CNNVD	id:	CNNVD-202112-2209	date:	2022-12-12T00:00:00
db:	NVD	id:	CVE-2021-36338	date:	2022-12-09T16:26:50.893

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-398222	date:	2022-01-21T00:00:00
db:	JVNDB	id:	JVNDB-2021-018029	date:	2023-03-20T00:00:00
db:	CNNVD	id:	CNNVD-202112-2209	date:	2021-12-22T00:00:00
db:	NVD	id:	CVE-2021-36338	date:	2022-01-21T21:15:08.487