Authentication Bypass Vulnerability in Dell VNX2 File Storage System
CVE-2021-36294

9.8CRITICAL

Key Information:

Vendor: Dell
Status: Vnx Control Station
Vendor: CVE Published:; 25 January 2022

What is CVE-2021-36294?

The Dell VNX2 OE for File, specifically versions 8.1.21.266 and earlier, is susceptible to an authentication bypass vulnerability. This flaw permits a remote attacker to exploit the system by forging authentication cookies, allowing unauthorized access as any user. Such vulnerabilities can lead to significant security breaches, making remediation essential for affected systems.

Affected Version(s)

VNX Control Station < unspecified

References

https://www.dell.com/support/kbdoc/en-us/000191155/dsa-20...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 25, 2022
Vulnerability Reserved
Jul 8, 2021