ID

VAR-202112-2525


CVE

CVE-2021-43589


TITLE

OS command injection vulnerability in multiple Dell EMC products

Trust: 0.8

sources: JVNDB: JVNDB-2021-017993

DESCRIPTION

Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior to 5.1.2.0.5.007 contain an operating system (OS) command injection vulnerability. A locally authenticated user with high privileges may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the Unity underlying OS, with the privileges of the vulnerable application. Exploitation may lead to an elevation of privilege. The system may also be put into a denial-of-service (DoS) state. An attacker could exploit this vulnerability to run crafted commands and escalate privileges on the system.

Trust: 1.71

sources: NVD: CVE-2021-43589 // JVNDB: JVNDB-2021-017993 // VULHUB: VHN-406227

AFFECTED PRODUCTS

vendor: dell, model: emc unity xt operating environment, scope: lt, version: 5.1.2.0.5.007

Trust: 1.0

vendor: dell, model: emc unityvsa operating environment, scope: lt, version: 5.1.2.0.5.007

Trust: 1.0

vendor: dell, model: emc unity operating environment, scope: lt, version: 5.1.2.0.5.007

Trust: 1.0

vendor: デル, model: dell emc unityvsa operating environment, scope: eq, version: 5.1.2.0.5.007

Trust: 0.8

vendor: デル, model: dell emc unity xt operating environment, scope: -, version: -

Trust: 0.8

vendor: デル, model: dell emc unity operating environment, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-017993 // NVD: CVE-2021-43589

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-43589
value: MEDIUM

Trust: 1.0

security_alert@emc.com: CVE-2021-43589
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-43589
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202112-2755
value: MEDIUM

Trust: 0.6

VULHUB: VHN-406227
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-43589
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-406227
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-43589
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2021-43589
baseSeverity: MEDIUM
baseScore: 6.0
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2021-43589
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-406227 // JVNDB: JVNDB-2021-017993 // CNNVD: CNNVD-202112-2755 // NVD: CVE-2021-43589 // NVD: CVE-2021-43589

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:CWE-77

Trust: 1.0

problemtype:OS Command injection (CWE-78) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-406227 // JVNDB: JVNDB-2021-017993 // NVD: CVE-2021-43589

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202112-2755

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202112-2755

PATCH

title: DSA-2021-271, url: https://www.dell.com/support/kbdoc/ja-jp/000194836/dsa-2021-271-dell-emc-unity-dell-emc-unity-vsa-and-dell-emc-unity-xt-security-update-for-multiple-vulnerabilities

Trust: 0.8

title: Dell EMC Unity Fixes for command injection vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176500

Trust: 0.6

sources: JVNDB: JVNDB-2021-017993 // CNNVD: CNNVD-202112-2755

EXTERNAL IDS

db: NVD, id: CVE-2021-43589

Trust: 3.3

db: JVNDB, id: JVNDB-2021-017993

Trust: 0.8

db: CNNVD, id: CNNVD-202112-2755

Trust: 0.7

db: CS-HELP, id: SB2021122914

Trust: 0.6

db: CNVD, id: CNVD-2022-08348

Trust: 0.1

db: VULHUB, id: VHN-406227

Trust: 0.1

sources: VULHUB: VHN-406227 // JVNDB: JVNDB-2021-017993 // CNNVD: CNNVD-202112-2755 // NVD: CVE-2021-43589

REFERENCES

url:https://www.dell.com/support/kbdoc/en-us/000194836/dsa-2021-271-dell-emc-unity-dell-emc-unity-vsa-and-dell-emc-unity-xt-security-update-for-multiple-vulnerabilities

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-43589

Trust: 1.4

url:https://www.cybersecurity-help.cz/vdb/sb2021122914

Trust: 0.6

sources: VULHUB: VHN-406227 // JVNDB: JVNDB-2021-017993 // CNNVD: CNNVD-202112-2755 // NVD: CVE-2021-43589

SOURCES

db: VULHUB, id: VHN-406227
db: JVNDB, id: JVNDB-2021-017993
db: CNNVD, id: CNNVD-202112-2755
db: NVD, id: CVE-2021-43589

LAST UPDATE DATE

2024-11-23T20:14:12.588000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-406227, date: 2022-01-28T00:00:00
db: JVNDB, id: JVNDB-2021-017993, date: 2023-03-16T02:24:00
db: CNNVD, id: CNNVD-202112-2755, date: 2022-03-10T00:00:00
db: NVD, id: CVE-2021-43589, date: 2024-11-21T06:29:29.913

SOURCES RELEASE DATE

db: VULHUB, id: VHN-406227, date: 2022-01-24T00:00:00
db: JVNDB, id: JVNDB-2021-017993, date: 2023-03-16T00:00:00
db: CNNVD, id: CNNVD-202112-2755, date: 2021-12-29T00:00:00
db: NVD, id: CVE-2021-43589, date: 2022-01-24T20:15:08.227