Details of VAR-202112-2522

ID

VAR-202112-2522

CVE

CVE-2021-36339

TITLE

plural Dell EMC Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-018028

DESCRIPTION

The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance. plural Dell EMC There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. DELL Dell EMC Unisphere for PowerMax is a set of graphical management tools for PowerMax storage arrays developed by Dell (DELL). There is a security vulnerability in Dell EMC Unisphere for PowerMax, which stems from the software's lack of effective restriction and filtering of user rights

Trust: 1.8

sources: NVD: CVE-2021-36339 // JVNDB: JVNDB-2021-018028 // VULHUB: VHN-398223 // VULMON: CVE-2021-36339

AFFECTED PRODUCTS

vendor:	dell	model:	unisphere for powermax	scope:	lt	version:	9.2.3.4	Trust: 1.0
vendor:	dell	model:	unisphere for powermax virtual appliance	scope:	lt	version:	9.2.3.4	Trust: 1.0
vendor:	dell	model:	powermax os	scope:	eq	version:	5978	Trust: 1.0
vendor:	dell	model:	unisphere 360	scope:	lt	version:	9.1.0.29	Trust: 1.0
vendor:	dell	model:	solutions enabler	scope:	lt	version:	9.2.3.0	Trust: 1.0
vendor:	dell	model:	unisphere 360	scope:	gte	version:	9.2.0.0	Trust: 1.0
vendor:	dell	model:	vasa	scope:	lt	version:	9.1.0.723	Trust: 1.0
vendor:	dell	model:	vasa	scope:	lt	version:	9.2.3.0	Trust: 1.0
vendor:	dell	model:	unisphere 360	scope:	lt	version:	9.2.3.3	Trust: 1.0
vendor:	dell	model:	solutions enabler	scope:	gte	version:	9.2.0.0	Trust: 1.0
vendor:	dell	model:	solutions enabler virtual appliance	scope:	lt	version:	9.2.3.0	Trust: 1.0
vendor:	dell	model:	vasa	scope:	gte	version:	9.2.0.0	Trust: 1.0
vendor:	dell	model:	solutions enabler virtual appliance	scope:	gte	version:	9.2.0.0	Trust: 1.0
vendor:	dell	model:	unisphere for powermax virtual appliance	scope:	gte	version:	9.2.0.0	Trust: 1.0
vendor:	dell	model:	unisphere for powermax virtual appliance	scope:	lt	version:	9.1.0.31	Trust: 1.0
vendor:	dell	model:	unisphere for powermax	scope:	lt	version:	9.1.0.31	Trust: 1.0
vendor:	dell	model:	solutions enabler	scope:	lt	version:	9.1.0.18	Trust: 1.0
vendor:	dell	model:	solutions enabler virtual appliance	scope:	lt	version:	9.1.0.18	Trust: 1.0
vendor:	dell	model:	unisphere for powermax	scope:	gte	version:	9.2.0.0	Trust: 1.0
vendor:	デル	model:	dell unisphere for powermax virtual appliance	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	dell solutions enabler	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	dell unisphere for powermax	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	dell powermax os	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	solutions enabler virtual appliance	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	unisphere 360	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	vasa	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-018028 // NVD: CVE-2021-36339

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-36339
value:	HIGH
Trust: 1.0
security_alert@emc.com:	CVE-2021-36339
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-36339
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202112-2204
value:	HIGH
Trust: 0.6
VULHUB:	VHN-398223
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-36339
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-36339
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-398223
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-36339
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2021-018028
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-398223 // VULMON: CVE-2021-36339 // JVNDB: JVNDB-2021-018028 // CNNVD: CNNVD-202112-2204 // NVD: CVE-2021-36339 // NVD: CVE-2021-36339

PROBLEMTYPE DATA

problemtype:	CWE-250	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-018028 // NVD: CVE-2021-36339

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202112-2204

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202112-2204

PATCH

title:	DSA-2021-226	url:	https://www.dell.com/support/kbdoc/ja-jp/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embed	Trust: 0.8
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2021-36339	Trust: 0.1

sources: VULMON: CVE-2021-36339 // JVNDB: JVNDB-2021-018028

EXTERNAL IDS

db:	NVD	id:	CVE-2021-36339	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-018028	Trust: 0.8
db:	CNNVD	id:	CNNVD-202112-2204	Trust: 0.6
db:	CNVD	id:	CNVD-2022-06903	Trust: 0.1
db:	VULHUB	id:	VHN-398223	Trust: 0.1
db:	VULMON	id:	CVE-2021-36339	Trust: 0.1

sources: VULHUB: VHN-398223 // VULMON: CVE-2021-36339 // JVNDB: JVNDB-2021-018028 // CNNVD: CNNVD-202112-2204 // NVD: CVE-2021-36339

REFERENCES

url:	https://www.dell.com/support/kbdoc/000194640	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-36339	Trust: 1.4
url:	https://vigilance.fr/vulnerability/dell-emc-virtual-appliances-user-access-via-undocumented-user-accounts-37123	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2021-36339	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-398223 // VULMON: CVE-2021-36339 // JVNDB: JVNDB-2021-018028 // CNNVD: CNNVD-202112-2204 // NVD: CVE-2021-36339

SOURCES

db:	VULHUB	id:	VHN-398223
db:	VULMON	id:	CVE-2021-36339
db:	JVNDB	id:	JVNDB-2021-018028
db:	CNNVD	id:	CNNVD-202112-2204
db:	NVD	id:	CVE-2021-36339

LAST UPDATE DATE

2024-08-14T13:43:05.760000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-398223	date:	2022-10-27T00:00:00
db:	VULMON	id:	CVE-2021-36339	date:	2022-10-27T00:00:00
db:	JVNDB	id:	JVNDB-2021-018028	date:	2023-03-20T03:46:00
db:	CNNVD	id:	CNNVD-202112-2204	date:	2022-10-28T00:00:00
db:	NVD	id:	CVE-2021-36339	date:	2022-10-27T11:44:58.323

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-398223	date:	2022-01-21T00:00:00
db:	VULMON	id:	CVE-2021-36339	date:	2022-01-21T00:00:00
db:	JVNDB	id:	JVNDB-2021-018028	date:	2023-03-20T00:00:00
db:	CNNVD	id:	CNNVD-202112-2204	date:	2021-12-22T00:00:00
db:	NVD	id:	CVE-2021-36339	date:	2022-01-21T21:15:08.563