Authenticated Remote Code Execution Vulnerability in Dell VNX2 File Storage
CVE-2021-36295

7.2HIGH

Key Information:

Vendor: Dell
Status: Vnx Control Station
Vendor: CVE Published:; 25 January 2022

What is CVE-2021-36295?

The Dell VNX2 OE for File, specifically versions 8.1.21.266 and earlier, is susceptible to an authenticated remote code execution vulnerability. This flaw allows a remote user with the appropriate privileges to execute arbitrary commands on the system, potentially compromising its security and functionality. Organizations using affected versions should apply security updates promptly to mitigate the risk of exploitation.

Affected Version(s)

VNX Control Station < unspecified

References

https://www.dell.com/support/kbdoc/en-us/000191155/dsa-20...

x_refsource_MISC

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 25, 2022
Vulnerability Reserved
Jul 8, 2021