CVE-2021-21595

MEDIUM

Dell EMC PowerScale OneFS 8.2.x-9.1.1.x - Authenticated Privilege Escalation via OS Command Injection

Title source: llm
STIX 2.1

Description

Dell EMC PowerScale OneFS versions 8.2.x - 9.1.1.x contain an improper neutralization of special elements used in an OS command. This vulnerability could allow the compadmin user to elevate privileges. This only impacts Smartlock WORM compliance mode clusters as a critical vulnerability and Dell recommends to update/upgrade at the earliest opportunity.

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.dell.com/support/kbdoc/000190408

Scores

CVSS v3 6.0
EPSS 0.0014
EPSS Percentile 33.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Details

CWE
CWE-77
Status published
Products (2)
dell/emc_powerscale_onefs 8.2.2
dell/emc_powerscale_onefs 9.0.0.0 - 9.2.0
Published Aug 16, 2021
Tracked Since Feb 18, 2026