Impact
Critical
Details
Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
CVE-2021-43589 | Dell EMC Unity, Dell EMC UnityVSA and Dell EMC Unity XT versions prior to 5.1.2.0.5.007 contain an operating system (OS) command injection Vulnerability. A locally authenticated user with high privileges may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the Unity underlying OS, with the privileges of the vulnerable application. Exploitation may lead to an elevation of privilege. | 6.0 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H |
Third-party Component | CVEs | More Information |
bind | CVE-2021-25214, CVE-2021-25215 | See NVD (http://nvd.nist.gov/) for individual scores for each CVE. |
curl | CVE-2021-22876, CVE-2021-22898 | |
dhcp | CVE-2021-25217 | |
git | CVE-2021-21300 | |
glib2 | CVE-2021-27218, CVE-2021-27219 | |
glibc | CVE-2019-25013, CVE-2020-29573, CVE-2020-27618, CVE-2020-29562, CVE-2021-3326 | |
gnutls | CVE-2021-20231, CVE-2021-20232 | |
libnettle | CVE-2021-20305 | |
libX11 | CVE-2021-31535 | |
lz4 | CVE-2021-3520 | |
mgetty | CVE-2018-16741, CVE-2018-16742, CVE-2018-16743, CVE-2018-16744, CVE-2018-16745 | |
mozilla-nspr | CVE-2021-23981, CVE-2021-23982, CVE-2021-23984, CVE-2021-23987 | |
nghttp2 | CVE-2020-11080 | |
open-iscsi | CVE-2020-17437, CVE-2020-17438, CVE-2020-13987, CVE-2020-13988 | |
openldap2 | CVE-2020-36221, CVE-2020-36222, CVE-2020-36223, CVE-2020-36224, CVE-2020-36225, CVE-2020-36226, CVE-2020-36227, CVE-2020-36228, CVE-2020-36229, CVE-2020-36230, CVE-2021-27212 | |
openssl (Unisphere UI) | CVE-2021-3712 | |
openssl (NAS Server) | CVE-2021-23840 | |
polkit | CVE-2021-3560 | |
postgresql10 | CVE-2020-25695, CVE-2020-25694, CVE-2020-25696, CVE-2021-32027, CVE-2021-32028 | |
python-tk | CVE-2021-3177, CVE-2019-20916 | |
sudo | CVE-2021-3156 | |
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.
Affected Products and Remediation
Workarounds and Mitigations
None.
Revision History
Revision | Date | More Information |
1.0 | 2021-12-29 | Initial Release |
1.1 | 2022-01-05 | Minor update to CVE Identifier field. |
Related Information
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide