Details of VAR-202202-1319

ID

VAR-202202-1319

CVE

CVE-2021-36302

TITLE

Dell EMC Integrated System for Microsoft Azure Stack Hub Vulnerability in privilege management in

Trust: 0.8

sources: JVNDB: JVNDB-2022-005113

DESCRIPTION

All Dell EMC Integrated System for Microsoft Azure Stack Hub versions contain a privilege escalation vulnerability. A remote malicious user with standard level JEA credentials may potentially exploit this vulnerability to elevate privileges and take over the system. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2021-36302 // JVNDB: JVNDB-2022-005113

IOT TAXONOMY

category:

['network device']

sub_category:

hub

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	dell	model:	emc integrated system for microsoft azure stack hub	scope:	lte	version:	2204	Trust: 1.0
vendor:	デル	model:	dell integrated system for microsoft azure stack hub	scope:	eq	version:	-	Trust: 0.8
vendor:	デル	model:	dell integrated system for microsoft azure stack hub	scope:	-	version:	-	Trust: 0.8
vendor:	デル	model:	dell integrated system for microsoft azure stack hub	scope:	eq	version:	dell integrated system for microsoft azure stack hub firmware	Trust: 0.8

sources: JVNDB: JVNDB-2022-005113 // NVD: CVE-2021-36302

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-36302
value:	CRITICAL
Trust: 1.0
security_alert@emc.com:	CVE-2021-36302
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2021-36302
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202202-838
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2021-36302
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2021-36302
baseSeverity:	CRITICAL
baseScore:	9.9
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.1
impactScore:	6.0
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2022-005113
baseSeverity:	CRITICAL
baseScore:	9.9
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-005113 // CNNVD: CNNVD-202202-838 // NVD: CVE-2021-36302 // NVD: CVE-2021-36302

PROBLEMTYPE DATA

problemtype:	CWE-269	Trust: 1.0
problemtype:	Improper authority management (CWE-269) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-005113 // NVD: CVE-2021-36302

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202202-838

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202202-838

PATCH

title:	top page	url:	https://www.dell.com/ja-jp	Trust: 0.8
title:	Dell EMC Integrated System Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=181793	Trust: 0.6

sources: JVNDB: JVNDB-2022-005113 // CNNVD: CNNVD-202202-838

EXTERNAL IDS

db:	NVD	id:	CVE-2021-36302	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-005113	Trust: 0.8
db:	CNNVD	id:	CNNVD-202202-838	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2022-005113 // CNNVD: CNNVD-202202-838 // NVD: CVE-2021-36302

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000191165/dsa-2021-178-dell-emc-integrated-solution-for-microsoft-azure-stack-hub-security-update-for-a-just-enough-administration-jea-vulnerability	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-36302	Trust: 1.4
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2022-005113 // CNNVD: CNNVD-202202-838 // NVD: CVE-2021-36302

SOURCES

db:	OTHER	id:	-
db:	JVNDB	id:	JVNDB-2022-005113
db:	CNNVD	id:	CNNVD-202202-838
db:	NVD	id:	CVE-2021-36302

LAST UPDATE DATE

2025-01-30T21:16:45.556000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2022-005113	date:	2023-05-18T05:16:00
db:	CNNVD	id:	CNNVD-202202-838	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2021-36302	date:	2022-02-14T19:28:20.963

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2022-005113	date:	2023-05-18T00:00:00
db:	CNNVD	id:	CNNVD-202202-838	date:	2022-02-09T00:00:00
db:	NVD	id:	CVE-2021-36302	date:	2022-02-09T20:15:12.273