Learn about CVE-2021-21503, a high-severity OS command injection vulnerability in Dell PowerScale OneFS 8.1.2, 8.2.2, and 9.1.0 that allows privilege escalation. Find mitigation steps and patching details.
PowerScale OneFS 8.1.2, 8.2.2, and 9.1.0 by Dell contain an OS command injection vulnerability that allows the Compadmin user to escalate privileges.
Understanding CVE-2021-21503
This CVE is an improper input sanitization issue in the PowerScale OneFS versions listed above: input controlled by the compadmin user reaches an OS command without adequate sanitization, so command injection is possible.
What is CVE-2021-21503?
CVE-2021-21503 is a high-severity vulnerability in Dell's PowerScale OneFS. The compadmin user can inject OS commands and thereby escalate privileges beyond what that account is authorized for.
The Impact of CVE-2021-21503
The vulnerability presents a high impact on confidentiality, integrity, and availability, with a CVSS base score of 7.8 (High Severity).
Technical Details of CVE-2021-21503
This section covers the specific technical aspects of the CVE.
Vulnerability Description
PowerScale OneFS 8.1.2, 8.2.2, and 9.1.0 do not properly sanitize input that is passed into an OS command. The compadmin user can exploit this to inject commands and potentially escalate privileges.
Affected Systems and Versions
The vulnerability description names PowerScale OneFS 8.1.2, 8.2.2, and 9.1.0 as affected; the version data on this page additionally lists 9.1.0.x, EMPIRE (9.2.0), and GOTHAM. Because these two lists do not fully agree, check the exact OneFS build running on a cluster against Dell's advisory before concluding it is unaffected.
Exploitation Mechanism
Exploitation is local and requires only low privileges (access as the compadmin user); no user interaction is needed. A successful exploit has high impact on confidentiality, integrity, and availability, which is consistent with the 7.8 base score.
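The page does not disclose where in OneFS the unsanitized input reaches a command, so the following is an added, hypothetical illustration of the vulnerability class rather than Dell's code: a privileged helper that splices a caller-supplied value into a shell command line, beside two hardened variants (passing the value as a single argv element, and additionally validating it against an allowlist). The helper program, the sample inputs, and the allowlist pattern are all assumptions made for the example; it assumes a POSIX /bin/sh.

```python
"""Illustration of the OS command injection class behind CVE-2021-21503.

Added, hypothetical example. This is NOT code from Dell PowerScale OneFS; the
advisory does not disclose the real injection point. It shows the pattern: a
helper that runs with elevated privileges takes a caller-supplied value, hands
it to /bin/sh as part of a command string, and so lets a lower-privileged
caller run arbitrary commands. The hardened versions never go through a shell.
"""
import re
import shlex
import subprocess
import sys

# Constructed sample inputs: what a benign and a malicious caller might supply.
BENIGN_INPUT = "snapshot_2021"
INJECTED_INPUT = "snapshot_2021; echo INJECTED"

# Stand-in for a privileged helper program (assumption): it just prints its
# first argument, which is enough to observe whether a second command ran.
HELPER_ARGV = [sys.executable, "-c", "import sys; print(sys.argv[1])"]
HELPER_SHELL = " ".join(shlex.quote(a) for a in HELPER_ARGV)

# Allowlist for the value (assumption): identifier-like names only, so shell
# metacharacters such as ';', '|', '$', '`' and whitespace are rejected outright.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.-]{1,64}")


def vulnerable_run(name: str) -> str:
    """The bug: untrusted input is concatenated into a shell command line.

    With INJECTED_INPUT the shell sees two commands separated by ';' and runs
    both, so an attacker controlling 'name' executes arbitrary commands with
    the helper's privileges.
    """
    cmd = f"{HELPER_SHELL} {name}"
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout


def argv_only_run(name: str) -> str:
    """First layer of the fix: pass the value as one argv element, no shell.

    The injected text is delivered to the helper literally as argv[1]; nothing
    interprets the ';'. The helper prints it back unchanged.
    """
    out = subprocess.run(HELPER_ARGV + [name], capture_output=True, text=True)
    return out.stdout


def hardened_run(name: str) -> str:
    """Both layers: validate against the allowlist, then run without a shell.

    Validation happens before any process is spawned, so malformed input is
    rejected early with a clear error instead of reaching the helper at all.
    """
    if not SAFE_NAME.fullmatch(name):
        raise ValueError(f"rejected input: {name!r}")
    out = subprocess.run(HELPER_ARGV + [name], capture_output=True,
                         text=True, check=True)
    return out.stdout


def demo() -> dict:
    """Runs all three variants on both inputs and collects the observable results."""
    try:
        hardened_injected = hardened_run(INJECTED_INPUT)
    except ValueError as exc:
        hardened_injected = f"rejected: {exc}"
    return {
        "vulnerable_benign": vulnerable_run(BENIGN_INPUT),
        "vulnerable_injected": vulnerable_run(INJECTED_INPUT),
        "argv_only_injected": argv_only_run(INJECTED_INPUT),
        "hardened_benign": hardened_run(BENIGN_INPUT),
        "hardened_injected": hardened_injected,
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label}: {result.strip()!r}")
```

Running the block shows the three outcomes side by side: the vulnerable variant prints the sample name and then INJECTED, because /bin/sh ran the second command; the argv-only variant prints the whole injected string as one literal argument; the hardened variant refuses the input before spawning anything. Both layers matter: argv passing removes the shell, and the allowlist keeps unexpected values from reaching a helper that might itself interpret them.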
Mitigation and Prevention
The steps below mitigate this CVE's impact and reduce the chance of similar issues.
Immediate Steps to Take
Organizations should apply Dell's fixed OneFS release to affected clusters as soon as possible. Until then, because exploitation requires access as the compadmin user, restrict who can authenticate as that account and monitor its use.
Long-Term Security Practices
Applying the principle of least privilege to administrative accounts and roles, auditing cluster configuration and administrative activity regularly, and training administrators on secure operation all reduce the impact of flaws like this one over the long term.
Patching and Updates
Dell has released fixed versions of PowerScale OneFS that address the vulnerability. Apply these updates promptly and confirm the running OneFS version on every node afterwards.