Lucene search

DellCVELIST:CVE-2021-36313

HistoryNov 01, 2021 - 12:00 a.m.

CVE-2021-36313

2021-11-0100:00:00

CWE-74

dell

www.cve.org

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.4%

JSON

Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application’s underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. This vulnerability is considered critical as it may be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity.

CNA Affected

[
  {
    "product": "CloudLink",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "7.1.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000193031/https-dellservices-lightning-force-com-one-one-app

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.4%

JSON

Related for CVELIST:CVE-2021-36313