DSA-2021-064: Dell EMC PowerScale OneFS Security Update for Multiple Vulnerabilities
요약: Dell EMC PowerScale OneFS remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
이 문서는 다음에 적용됩니다.
이 문서는 다음에 적용되지 않습니다.
이 문서는 특정 제품과 관련이 없습니다.
모든 제품 버전이 이 문서에 나와 있는 것은 아닙니다.
영향
Critical
세부 정보
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-21527 | Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability may allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges. | 6.0 | AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H |
| CVE-2021-21550 | Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability may allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges. | 6.0 | AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H |
| Proprietary Code CVE(s) | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-21527 | Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability may allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges. | 6.0 | AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H |
| CVE-2021-21550 | Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability may allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges. | 6.0 | AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H |
영향을 받는 제품 및 문제 해결
| CVE(s) Addressed | Affected Version(s) | Updated Version(s) | Link to Update |
| CVE-2021-21527 | 9.0.0.x | Upgrade your version of OneFS | PowerScale Download Area |
| 9.1.0.x | Download and install the April RUP | ||
| CVE-2021-21550 | 8.1.1, 8.2.1, and 9.0.0.x | Upgrade your version of OneFS | |
| 8.1.2, 8.2.2, and 9.1.0.x | Download and install the April RUP |
Note: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
| CVE(s) Addressed | Affected Version(s) | Updated Version(s) | Link to Update |
| CVE-2021-21527 | 9.0.0.x | Upgrade your version of OneFS | PowerScale Download Area |
| 9.1.0.x | Download and install the April RUP | ||
| CVE-2021-21550 | 8.1.1, 8.2.1, and 9.0.0.x | Upgrade your version of OneFS | |
| 8.1.2, 8.2.2, and 9.1.0.x | Download and install the April RUP |
Note: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available.
해결 방법 및 완화 방안
| CVE ID | Workaround(s) or Mitigation(s) |
| CVE-2021-21527 | None. Note: This only is a concern if you have enabled SmartLock Compliance Mode. |
| CVE-2021-21550 | None Note: This only is a concern if you have enabled SmartLock Compliance Mode. |
개정 내역
| Revision | Date | Description |
| 1.0 | 2021-05-03 | Initial Release |
관련 정보
법적 고지 사항
해당 제품
Product Security Information문서 속성
문서 번호: 000185978
문서 유형: Dell Security Advisory
마지막 수정 시간: 18 9월 2025
다른 Dell 사용자에게 질문에 대한 답변 찾기
지원 서비스
디바이스에 지원 서비스가 적용되는지 확인하십시오.