CVE-2021-21547 - OpenCVE

Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. The credentials of the Unisphere Administrator are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dell	Unity Operating Environment Unity Xt Operating Environment Unityvsa Operating Environment

Configuration 1 [-]

OR	cpe:2.3:a:dell:unity_operating_environment::::::::
	cpe:2.3:a:dell:unity_xt_operating_environment::::::::
	cpe:2.3:a:dell:unityvsa_operating_environment::::::::

No data.

References

Link	Providers
https://www.dell.com/support/kbdoc/000185484

History

No history.

MITRE

Status: PUBLISHED

Assigner: dell

Published: 2021-04-30T21:10:19.233760Z

Updated: 2024-09-16T18:34:33.545Z

Reserved: 2021-01-04T00:00:00

Link: CVE-2021-21547

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-04-30T21:15:08.937

Modified: 2021-05-11T12:51:47.480

Link: CVE-2021-21547

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Unity", "vendor": "Dell", "versions": [{"lessThan": "5.0.7.0.5.008", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2021-04-19T00:00:00", "descriptions": [{"lang": "en", "value": "Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. The credentials of the Unisphere Administrator are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Other", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-04-30T21:10:19", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.dell.com/support/kbdoc/000185484"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@dell.com", "DATE_PUBLIC": "2021-04-19", "ID": "CVE-2021-21547", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Unity", "version": {"version_data": [{"version_affected": "<", "version_value": "5.0.7.0.5.008"}]}}]}, "vendor_name": "Dell"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. The credentials of the Unisphere Administrator are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user."}]}, "impact": {"cvss": {"baseScore": 6.4, "baseSeverity": "Medium", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Other"}]}]}, "references": {"reference_data": [{"name": "https://www.dell.com/support/kbdoc/000185484", "refsource": "MISC", "url": "https://www.dell.com/support/kbdoc/000185484"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:16:23.000Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.dell.com/support/kbdoc/000185484"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2021-21547", "datePublished": "2021-04-30T21:10:19.233760Z", "dateReserved": "2021-01-04T00:00:00", "dateUpdated": "2024-09-16T18:34:33.545Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*", "matchCriteriaId": "15F2B715-190D-460B-AABB-B922B2C4AE53", "versionEndExcluding": "5.0.7.0.5.008", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:unity_xt_operating_environment:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F115C9A-4D1C-44E2-AD74-AAE75EEB74BC", "versionEndExcluding": "5.0.7.0.5.008", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:unityvsa_operating_environment:*:*:*:*:*:*:*:*", "matchCriteriaId": "21AA0A02-5341-469E-9715-5AEF4BFEFA42", "versionEndExcluding": "5.0.7.0.5.008", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dell EMC Unity, UnityVSA, and Unity XT versions prior to 5.0.7.0.5.008 contain a plain-text password storage vulnerability when the Dell Upgrade Readiness Utility is run on the system. The credentials of the Unisphere Administrator are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user."}, {"lang": "es", "value": "Dell EMC Unity, UnityVSA y Unity XT versiones anteriores a 5.0.7.0.5.008 contienen una vulnerabilidad de almacenamiento de contrase\u00f1a de texto plano cuando Dell Upgrade Readiness Utility es ejecutado en el sistema. Las credenciales del Administrador de Unisphere son almacenadas en texto plano. Un usuario malicioso local con altos privilegios puede usar la contrase\u00f1a expuesta para conseguir acceso con los privilegios de un usuario comprometido."}], "id": "CVE-2021-21547", "lastModified": "2021-05-11T12:51:47.480", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "security_alert@emc.com", "type": "Secondary"}]}, "published": "2021-04-30T21:15:08.937", "references": [{"source": "security_alert@emc.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.dell.com/support/kbdoc/000185484"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-312"}], "source": "nvd@nist.gov", "type": "Primary"}]}