CVE-2021-21524

Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5.0.1 contain an Untrusted Deserialization Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to arbitrary privileged code execution on the vulnerable application. The severity is Critical as this may lead to system compromise by unauthenticated attackers.

CVSS v3 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.dell.com/support/kbdoc/en-us/000184753/dsa-2021-054-dell-emc-srm-and-dell-emc-storage-monitoring-and-reporting-smr-security-update-for-multiple-vulnerabilities	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:dell:storage_monitoring_and_reporting::::::::
	cpe:2.3:a:dell:storage_resource_manager::::::::

History

No history.

Information

Published : 2021-04-12 20:15

Updated : 2024-02-28 18:28

NVD link : CVE-2021-21524

Mitre link : CVE-2021-21524

CVE.ORG link : CVE-2021-21524

JSON object : View

Products Affected

dell

storage_monitoring_and_reporting
storage_resource_manager

CWE

CWE-502

Deserialization of Untrusted Data

{"id": "CVE-2021-21524", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2021-04-12T20:15:11.680", "references": [{"url": "https://www.dell.com/support/kbdoc/en-us/000184753/dsa-2021-054-dell-emc-srm-and-dell-emc-storage-monitoring-and-reporting-smr-security-update-for-multiple-vulnerabilities", "tags": ["Patch", "Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-502"}]}, {"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "Dell SRM versions prior to 4.5.0.1 and Dell SMR versions prior to 4.5.0.1 contain an Untrusted Deserialization Vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to arbitrary privileged code execution on the vulnerable application. The severity is Critical as this may lead to system compromise by unauthenticated attackers."}, {"lang": "es", "value": "Dell SRM versiones anteriores a 4.5.0.1 y Dell SMR versiones anteriores a 4.5.0.1, contienen una vulnerabilidad de Deserializaci\u00f3n No Confiable. Un atacante remoto no autenticado podr\u00eda potencialmente explotar esta vulnerabilidad, conllevando una ejecuci\u00f3n de c\u00f3digo arbitraria privilegiada en la aplicaci\u00f3n vulnerable. La gravedad es Cr\u00edtica, ya que esto puede conllevar a comprometer el sistema por parte de atacantes no autenticados"}], "lastModified": "2021-04-22T14:43:35.793", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dell:storage_monitoring_and_reporting:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21994916-AA81-4287-AF20-6849D53D5396", "versionEndExcluding": "4.5.0.1"}, {"criteria": "cpe:2.3:a:dell:storage_resource_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1CA2142-2C18-4FF6-8223-39ED31AF7787", "versionEndExcluding": "4.5.0.1"}], "operator": "OR"}]}], "sourceIdentifier": "security_alert@emc.com"}