CVE-2021-21502
CRITICALDell PowerScale OneFS 8.1.0-9.1.0 - Authenticated SSH Key Use Past Account Expiration
Title source: llmDescription
Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a "use of SSH key past account expiration" vulnerability. A user on the network with the ISI_PRIV_AUTH_SSH RBAC privilege that has an expired account may potentially exploit this vulnerability, giving them access to the same things they had before account expiration. This may by a high privileged account and hence Dell recommends customers upgrade at the earliest opportunity.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.dell.com/support/kbdoc/en-us/000182873/dsa-2021-009-dell-powerscale-onefs-security-update-for-multiple-vulnerabilities
Scores
CVSS v3
9.8
EPSS
0.0027
EPSS Percentile
50.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (8)
dell/emc_powerscale_onefs
8.1.0
dell/emc_powerscale_onefs
8.1.1
dell/emc_powerscale_onefs
8.1.2
dell/emc_powerscale_onefs
8.2.0
dell/emc_powerscale_onefs
8.2.1
dell/emc_powerscale_onefs
8.2.2
dell/emc_powerscale_onefs
9.0.0
dell/emc_powerscale_onefs
9.1.0
Published
Feb 09, 2021
Tracked Since
Feb 18, 2026