High
Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
CVE-2021-21561 | Dell PowerScale OneFS version 8.2.x - 9.1.x contains a sensitive information exposure vulnerability. This may allow a malicious user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to gain access to sensitive information in the log files. | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CVE-2021-36280 | Dell PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This may allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster. | 7.8 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H |
Third-party Component | CVEs | More information |
OpenSSH | Multiple | https://www.openssh.com/txt/release-8.6 This updates the version of OpenSSH to 8.6p1. |
iDRAC | CVE-2020-5366 | KB article 177335: DSA-2020-128 iDRAC local file inclusion vulnerability. |
CVE-2020-26198 | KB article 181088: DSA-2020-268 iDRAC reflected XSS vulnerability. |
Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
CVE-2021-21561 | Dell PowerScale OneFS version 8.2.x - 9.1.x contains a sensitive information exposure vulnerability. This may allow a malicious user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to gain access to sensitive information in the log files. | 7.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
CVE-2021-36280 | Dell PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for critical resource vulnerability. This may allow a user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE to access privileged information about the cluster. | 7.8 | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H |
Third-party Component | CVEs | More information |
OpenSSH | Multiple | https://www.openssh.com/txt/release-8.6 This updates the version of OpenSSH to 8.6p1. |
iDRAC | CVE-2020-5366 | KB article 177335: DSA-2020-128 iDRAC local file inclusion vulnerability. |
CVE-2020-26198 | KB article 181088: DSA-2020-268 iDRAC reflected XSS vulnerability. |
CVEs Addressed | Affected Versions | Updated Versions | Link to Update |
Multiple OpenSSH CVEs |
8.2.x, 9.0.0.x, 9.2.0.x | Upgrade your version of OneFS. | PowerScale OneFS Downloads Area |
9.1.0.x, and 9.2.1.x | Download and install the latest RUP. | ||
CVE-2021-21561 | 9.0.0.x and 9.2.0.x | Upgrade your version of OneFS. | |
8.1.2, 8.2.2, and 9.1.0.x | Download and install the latest RUP. | ||
CVE-2021-36280 | 9.0.0.x and 9.2.0.x | Upgrade your version of OneFS. | |
8.2.2, 9.1.0.x, and 9.2.1.x | Download and install the latest RUP. |
CVEs Addressed | Affected Versions | Updated Versions | Link to Update |
CVE-2020-5366 | F200, F600, F900 running either 9.0.0.x, 9.1.0.x, 9.2.0.0x, or 9.2.1.x. |
Download and install Node Firmware Package (NFP) 11.1.4. | PowerScale OneFS Downloads Area |
CVE-2021-26198 | F200, F600, F900 running either 9.0.0.x, 9.1.0.x, 9.2.0.0x, or 9.2.1.x. |
Download and install Node Firmware Package (NFP) 11.1.4. |
CVEs Addressed | Affected Versions | Updated Versions | Link to Update |
Multiple OpenSSH CVEs |
8.2.x, 9.0.0.x, 9.2.0.x | Upgrade your version of OneFS. | PowerScale OneFS Downloads Area |
9.1.0.x, and 9.2.1.x | Download and install the latest RUP. | ||
CVE-2021-21561 | 9.0.0.x and 9.2.0.x | Upgrade your version of OneFS. | |
8.1.2, 8.2.2, and 9.1.0.x | Download and install the latest RUP. | ||
CVE-2021-36280 | 9.0.0.x and 9.2.0.x | Upgrade your version of OneFS. | |
8.2.2, 9.1.0.x, and 9.2.1.x | Download and install the latest RUP. |
CVEs Addressed | Affected Versions | Updated Versions | Link to Update |
CVE-2020-5366 | F200, F600, F900 running either 9.0.0.x, 9.1.0.x, 9.2.0.0x, or 9.2.1.x. |
Download and install Node Firmware Package (NFP) 11.1.4. | PowerScale OneFS Downloads Area |
CVE-2021-26198 | F200, F600, F900 running either 9.0.0.x, 9.1.0.x, 9.2.0.0x, or 9.2.1.x. |
Download and install Node Firmware Package (NFP) 11.1.4. |
Workarounds and Mitigations | |
Multiple OpenSSH CVEs | none |
CVE-2020-5366 | none |
CVE-2021-21561 | none |
CVE-2021-26198 | none |
CVE-2021-36280 | Disallow ISI_PRIV_LOGIN_CONSOLE and ISI_PRIV_LOGIN_SSH privileges to non-administrative users. OR As root for clusters not in Smartlock WORM Compliance Mode, the following remediates the issue:
|
Revision | Date | Description |
1.0 | 9 Sep 2021 | Initial Release |