Critical
Proprietary Code CVEs |
Description | CVSS Base Score |
CVSS Vector String |
CVE-2021-36287 | Dell VNX2 for file version 8.1.21.266 and earlier, contain an unauthenticated remote code execution vulnerability which may lead unauthenticated users to run commands on the system. | 7.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
CVE-2021-36288 | Dell VNX2 for File version 8.1.21.266 and earlier, contain a path traversal vulnerability which may lead unauthenticated users to read/write restricted files. | 8.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L |
CVE-2021-36289 | Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information. |
7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CVE-2021-36290 | Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain privileges. | 6.4 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
CVE-2021-36293 | Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain elevated privileges. | 6.4 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
CVE-2021-36294 | Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authentication bypass vulnerability. A remote unauthenticated attacker may exploit this vulnerability leading to authentication bypass and complete takeover of the VNX system. | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CVE-2021-36295 | Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authenticated remote code execution vulnerability. A remote malicious user with privileges may exploit this vulnerability to run commands. | 7.2 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
CVE-2021-36296 | Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authenticated remote code execution vulnerability. A remote malicious user with privileges may exploit this vulnerability to run commands. | 7.2 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Third-party Component | CVEs | More Information |
JRE | CVE-2021-3517 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
CVE-2021-35560 | ||
CVE-2021-35567 | ||
NTLM | CVE-2021-31958 |
Proprietary Code CVEs |
Description | CVSS Base Score |
CVSS Vector String |
CVE-2021-36287 | Dell VNX2 for file version 8.1.21.266 and earlier, contain an unauthenticated remote code execution vulnerability which may lead unauthenticated users to run commands on the system. | 7.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
CVE-2021-36288 | Dell VNX2 for File version 8.1.21.266 and earlier, contain a path traversal vulnerability which may lead unauthenticated users to read/write restricted files. | 8.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L |
CVE-2021-36289 | Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain a sensitive information disclosure vulnerability. A local malicious user may exploit this vulnerability to read sensitive information. |
7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CVE-2021-36290 | Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain privileges. | 6.4 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
CVE-2021-36293 | Dell VNX2 for File version 8.1.21.266 and earlier, contain a privilege escalation vulnerability. A local malicious admin may potentially exploit vulnerability and gain elevated privileges. | 6.4 | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
CVE-2021-36294 | Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authentication bypass vulnerability. A remote unauthenticated attacker may exploit this vulnerability leading to authentication bypass and complete takeover of the VNX system. | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CVE-2021-36295 | Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authenticated remote code execution vulnerability. A remote malicious user with privileges may exploit this vulnerability to run commands. | 7.2 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
CVE-2021-36296 | Dell VNX2 OE for File versions 8.1.21.266 and earlier, contain an authenticated remote code execution vulnerability. A remote malicious user with privileges may exploit this vulnerability to run commands. | 7.2 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Third-party Component | CVEs | More Information |
JRE | CVE-2021-3517 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
CVE-2021-35560 | ||
CVE-2021-35567 | ||
NTLM | CVE-2021-31958 |
Product | Affected Versions | Updated Versions | Link to Update |
VNX2 | Version 8.1.21.266 (file), version 5.33.021.5.266 (block) and earlier | Version 8.1.21.303 (file) Version 5.33.021.5.303 (block) |
Download and install the appropriate version by VNX2 code family: https://www.dell.com/support/home/en-us/product-support/product/vnxe1600/. |
Product | Affected Versions | Updated Versions | Link to Update |
VNX2 | Version 8.1.21.266 (file), version 5.33.021.5.266 (block) and earlier | Version 8.1.21.303 (file) Version 5.33.021.5.303 (block) |
Download and install the appropriate version by VNX2 code family: https://www.dell.com/support/home/en-us/product-support/product/vnxe1600/. |
Revision | Date | Description |
1.0 | 2021-09-01 | Initial release with workarounds |
1.1 | 2022-03-31 | Updated CVEs and link to update. |
1.2 | 2022-07-20 | Removed EMS Firmware CVE-2018-9086 |
Dell would like to thank Guillaume Quéré for reporting CVE-2021-36287, CVE-2021-36288, CVE-2021-36289, CVE-2021-36290, CVE-2021-36293, CVE-2021-36294, CVE-2021-36295, and CVE-2021-36296.