Dell EMC CloudLink Vulnerability Leading to Code Execution Risk
CVE-2021-36334

5.9MEDIUM

Key Information:

Vendor: Dell
Status: ClouD-Link
Vendor: CVE Published:; 23 November 2021

Summary

Dell EMC CloudLink versions 7.1 and earlier are susceptible to a CSV formula injection vulnerability. This issue allows remote attackers with high privileges to exploit the vulnerability, potentially leading to arbitrary code execution on the user’s machine. As a result, sensitive data could be manipulated or exposed, posing significant security risks to users and organizations utilizing these affected versions.

Affected Version(s)

CloudLink < 7.1.1

References

https://www.dell.com/support/kbdoc/en-us/000193031/https-...

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 23, 2021
Vulnerability Reserved
Jul 8, 2021