CVSS: 8.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

Dell EMC XtremIO versions prior to 6.3.3-8 contain a Cross-Site Request Forgery vulnerability in XMS. A non-privileged attacker could potentially exploit this vulnerability, leading to a privileged victim application user being tricked into sending state-changing requests to the vulnerable application, causing unintended server operations. • https://www.dell.com/support/kbdoc/000186363 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 7.2 • EPSS: 0% • CPEs: 6 • EXPL: 0

Dell EMC PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability can allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges. • https://www.dell.com/support/kbdoc/000185978 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 7.2 • EPSS: 0% • CPEs: 2 • EXPL: 0

Dell PowerScale OneFS 8.1.0-9.1.0 contain an improper neutralization of special elements used in an OS command vulnerability. This vulnerability may allow an authenticated user with ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privileges to escalate privileges. • https://www.dell.com/support/kbdoc/000185978 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 1906 – 2011, contain an undocumented default iDRAC account. A remote unauthenticated attacker, with the knowledge of the default credentials, could potentially exploit this to log in to the system to gain root privileges. • https://www.dell.com/support/kbdoc/en-us/000186008/dsa-2021-020-dell-emc-integrated-system-for-microsoft-azure-stack-hub-security-update-for-an-idrac-undocumented-account-vulnerability • CWE-255: Credentials Management Errors • CWE-1188: Initialization of a Resource with an Insecure Default

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 12

Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required. The DBUtil_2_3.sys driver distributed by Dell exposes an unprotected IOCTL interface that can be abused by an attacker to read and write kernel-mode memory. • https://www.exploit-db.com/exploits/49893 https://github.com/waldo-irc/CVE-2021-21551 https://github.com/mathisvickie/CVE-2021-21551 https://github.com/ihack4falafel/Dell-Driver-EoP-CVE-2021-21551 https://github.com/ch3rn0byl/CVE-2021-21551 https://github.com/mzakocs/CVE-2021-21551-POC https://github.com/nanabingies/CVE-2021-21551 https://github.com/Eap2468/CVE-2021-21551 https://github.com/arnaudluti/PS-CVE-2021-21551 http://packetstormsecurity.com/files/162604/Dell-DBUtil& • CWE-782: Exposed IOCTL with Insufficient Access Control