CVE-2021-36315
MEDIUM | CVSS 6.8/10 | EPSS 0.25%
CVE-2021-36315 is a medium-severity vulnerability rated 6.8/10 on the CVSS scale. Dell EMC PowerScale Nodes contain a hardware design flaw. This may allow a local unauthenticated user to escalate privileges. EPSS estimates a 0.25% chance of exploitation in the next 30 days.
Description
Dell EMC PowerScale Nodes contain a hardware design flaw. This may allow a local unauthenticated user to escalate privileges. This also affects Compliance mode; for Compliance mode clusters, it is a critical vulnerability. Dell EMC recommends applying the workaround at your earliest opportunity.
Metrics
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Dell | EMC PowerScale Nodes A100 Firmware | All versions |
| Dell | EMC PowerScale Nodes S210 Firmware | All versions |
| Dell | EMC PowerScale Nodes X410 Firmware | All versions |
| Dell | EMC PowerScale Nodes H400 Firmware | All versions |
| Dell | EMC PowerScale Nodes X210 Firmware | All versions |
| Dell | EMC PowerScale Nodes NL410 Firmware | All versions |
| Dell | EMC PowerScale Nodes A200 Firmware | All versions |
| Dell | EMC PowerScale Nodes A2000 Firmware | All versions |
| Dell | EMC PowerScale Nodes H500 Firmware | All versions |
| Dell | EMC PowerScale Nodes H600 Firmware | All versions |
| Dell | EMC PowerScale Nodes H5600 Firmware | All versions |
| Dell | EMC PowerScale Nodes F800 Firmware | All versions |
| Dell | EMC PowerScale Nodes F810 Firmware | All versions |
| Dell | EMC PowerScale Nodes F200 Firmware | All versions |
| Dell | EMC PowerScale Nodes F600 Firmware | All versions |
| Dell | EMC PowerScale Nodes A300 Firmware | All versions |
| Dell | EMC PowerScale Nodes A3000 Firmware | All versions |
| Dell | EMC PowerScale Nodes H700 Firmware | All versions |
| Dell | EMC PowerScale Nodes H7000 Firmware | All versions |
References
- https://www.dell.com/support/kbdoc/en-us/000193005/ (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-36315?
Dell EMC PowerScale Nodes contain a hardware design flaw. This may allow a local unauthenticated user to escalate privileges. This also affects Compliance mode; for Compliance mode clusters, it is a critical vulnerability. Dell EMC recommends applying the workaround at your earliest opportunity.
How severe is CVE-2021-36315?
CVE-2021-36315 has a CVSS score of 6.8/10 (MEDIUM severity). The EPSS model estimates a 0.25% probability of exploitation in the next 30 days.
How do I fix CVE-2021-36315?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Source: NVD / NIST
