Multiple vulnerabilities in Dell Unisphere for PowerMax, Dell Solutions Enabler, Dell Unisphere 360, Dell VASA



Published: 2022-11-16
Risk Critical
Patch available YES
Number of vulnerabilities 98
CVE-ID CVE-2021-38624
CVE-2021-36965
CVE-2021-36966
CVE-2021-36967
CVE-2021-36969
CVE-2021-36970
CVE-2021-36972
CVE-2021-36973
CVE-2021-36974
CVE-2021-36975
CVE-2021-38628
CVE-2021-36963
CVE-2021-38629
CVE-2021-38630
CVE-2021-38632
CVE-2021-38633
CVE-2021-38634
CVE-2021-38635
CVE-2021-38636
CVE-2021-38637
CVE-2021-38638
CVE-2021-38639
CVE-2021-36964
CVE-2021-36962
CVE-2021-38663
CVE-2021-34536
CVE-2021-26426
CVE-2021-26432
CVE-2021-26433
CVE-2021-26435
CVE-2021-26441
CVE-2021-26442
CVE-2021-34486
CVE-2021-34487
CVE-2021-34530
CVE-2021-34534
CVE-2021-36926
CVE-2021-36961
CVE-2021-36932
CVE-2021-36933
CVE-2021-36938
CVE-2021-36948
CVE-2021-36953
CVE-2021-36954
CVE-2021-36955
CVE-2021-36958
CVE-2021-36959
CVE-2021-36960
CVE-2021-38662
CVE-2021-38667
CVE-2021-35559
CVE-2021-41340
CVE-2021-41342
CVE-2021-41343
CVE-2021-41345
CVE-2021-41347
CVE-2021-27290
CVE-2021-3517
CVE-2021-3522
CVE-2021-35550
CVE-2021-35556
CVE-2021-35560
CVE-2021-41335
CVE-2021-35561
CVE-2021-35564
CVE-2021-35565
CVE-2021-35567
CVE-2021-35578
CVE-2021-35586
CVE-2021-35588
CVE-2021-35603
CVE-2021-36338
CVE-2021-41338
CVE-2021-41332
CVE-2021-38671
CVE-2021-40464
CVE-2021-40443
CVE-2021-40444
CVE-2021-40447
CVE-2021-40449
CVE-2021-40450
CVE-2021-40454
CVE-2021-40455
CVE-2021-40460
CVE-2021-40462
CVE-2021-40463
CVE-2021-40465
CVE-2021-41331
CVE-2021-40466
CVE-2021-40467
CVE-2021-40470
CVE-2021-40475
CVE-2021-40476
CVE-2021-40477
CVE-2021-40478
CVE-2021-40488
CVE-2021-40489
CVE-2021-41330
CWE-ID CWE-254
CWE-94
CWE-264
CWE-200
CWE-451
CWE-119
CWE-190
CWE-20
CWE-732
CWE-185
CWE-787
CWE-300
CWE-669
CWE-416
Exploitation vector Network
Public exploit Vulnerability #33 is being exploited in the wild.
Vulnerability #42 is being exploited in the wild.
Vulnerability #45 is being exploited in the wild.
Public exploit code for vulnerability #46 is available.
Vulnerability #78 is being exploited in the wild.
Vulnerability #80 is being exploited in the wild.
Vulnerability #81 is being exploited in the wild.
Vulnerable software
Subscribe
VASA Provider Standalone
Other software / Other software solutions

Unisphere 360
Other software / Other software solutions

Solutions Enabler
Other software / Other software solutions

Unisphere for PowerMax Virtual Appliance
Other software / Other software solutions

Unisphere for PowerMax
Other software / Other software solutions

Solutions Enabler Virtual Appliance
Server applications / Virtualization software

Vendor Dell

Security Bulletin

This security bulletin contains information about 98 vulnerabilities.

1) Security features bypass

EUVDB-ID: #VU56586

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-38624

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to security feature bypass issue in Windows Key Storage Provider. A remote authenticated attacker can bypass the target application

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Code Injection

EUVDB-ID: #VU56522

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-36965

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in Windows WLAN AutoConfig Service. A remote attacker on the local network can send a specially crafted request and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU56581

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-36966

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Windows Subsystem for Linux, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU56523

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-36967

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker on the local network to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Windows WLAN AutoConfig Service, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Information disclosure

EUVDB-ID: #VU56563

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-36969

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in Windows Redirected Drive Buffering SubSystem Driver. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Spoofing attack

EUVDB-ID: #VU57279

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-36970

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data in Windows Print Spooler. A remote attacker can spoof page content.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Information disclosure

EUVDB-ID: #VU56527

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-36972

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in Windows SMB. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

8) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU56519

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-36973

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Windows Redirected Drive Buffering System, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

9) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU56526

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-36974

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Windows SMB, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

10) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU56510

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-36975

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Win32k, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

11) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU56501

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-38628

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Windows Ancillary Function Driver for WinSock, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

12) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU56557

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-36963

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Windows Common Log File System Driver, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

13) Information disclosure

EUVDB-ID: #VU56502

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-38629

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in Windows Ancillary Function Driver for WinSock. A remote authenticated attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

14) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU56547

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-38630

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Windows Event Tracing, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

15) Security features bypass

EUVDB-ID: #VU56587

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-38632

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a local attacker to bypass authentication process.

The vulnerability exists due to security feature bypass issue in BitLocker. An attacker with physical access can bypass the BitLocker Device Encryption feature on the system storage device and gain access to encrypted data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

16) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU56558

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-38633

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Windows Common Log File System Driver, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

17) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU56562

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-38634

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Microsoft Windows Update Client, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

18) Information disclosure

EUVDB-ID: #VU56564

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-38635

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in Windows Redirected Drive Buffering SubSystem Driver. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

19) Information disclosure

EUVDB-ID: #VU56565

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-38636

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in Windows Redirected Drive Buffering SubSystem Driver. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

20) Information disclosure

EUVDB-ID: #VU56580

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-38637

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in Windows Storage. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

21) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU56500

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-38638

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Windows Ancillary Function Driver for WinSock, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

22) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU56509

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-38639

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Win32k, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

23) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU56546

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-36964

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Windows Event Tracing, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

24) Information disclosure

EUVDB-ID: #VU56521

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-36962

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in Windows Installer. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

25) Information disclosure

EUVDB-ID: #VU57309

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-38663

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in Windows exFAT File System. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

26) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU55730

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-34536

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in the Storage Spaces Controller, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

27) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU55725

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-26426

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in the User Account Profile Picture, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

28) Code Injection

EUVDB-ID: #VU55711

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-26432

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in the Windows Services for NFS ONCRPC XDR Driver. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

29) Information disclosure

EUVDB-ID: #VU55710

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-26433

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in the Windows Services for NFS ONCRPC XDR Driver. A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

30) Buffer overflow

EUVDB-ID: #VU56529

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-26435

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Windows Scripting Engine. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

31) Integer overflow

EUVDB-ID: #VU57256

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-26441

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow within the Storage Spaces Controller storport.sys driver. A local user can run a specially crafted program to trigger integer overflow and execute arbitrary code with SYSTEM privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

32) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU57253

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-26442

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Windows HTTP.sys, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

33) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU55727

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-34486

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in the Windows Event Tracing, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

34) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU55728

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-34487

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in the Windows Event Tracing, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

35) Code Injection

EUVDB-ID: #VU55701

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-34530

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in the Windows Graphics Component. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

36) Code Injection

EUVDB-ID: #VU55715

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-34534

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in the Windows MSHTML Platform. A remote attacker can trick a victim to open a specially crafted file and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

37) Information disclosure

EUVDB-ID: #VU55709

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-36926

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in the Windows Services for NFS ONCRPC XDR Driver. A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

38) Input validation error

EUVDB-ID: #VU56520

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-36961

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in Windows Installer. A local user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

39) Information disclosure

EUVDB-ID: #VU55708

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-36932

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in the Windows Services for NFS ONCRPC XDR Driver. A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

40) Information disclosure

EUVDB-ID: #VU55707

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-36933

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in the Windows Services for NFS ONCRPC XDR Driver. A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

41) Information disclosure

EUVDB-ID: #VU55720

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-36938

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in the Windows Cryptographic Primitives Library. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

42) Buffer overflow

EUVDB-ID: #VU55697

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-36948

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Windows Update Medic Service. A local user can run a specially crafted program to execute arbitrary code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

43) Input validation error

EUVDB-ID: #VU57298

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-36953

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in Windows TCP/IP. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

44) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU56585

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-36954

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Windows Bind Filter Driver, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

45) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU56556

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-36955

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Windows Common Log File System Driver, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

46) Incorrect permission assignment for critical resource

EUVDB-ID: #VU55790

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-36958

CWE-ID: CWE-732 - Incorrect Permission Assignment for Critical Resource

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists in Windows Print Spooler service due to improperly performed privileged file operations. A local user can send a specially crafted request to the Print Spooler service and execute arbitrary code with SYSTEM privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

47) Spoofing attack

EUVDB-ID: #VU56582

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-36959

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a local user to perform spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data in Windows Authenticode. A local user can spoof page content.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

48) Information disclosure

EUVDB-ID: #VU56525

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-36960

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in Windows SMB. A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

49) Information disclosure

EUVDB-ID: #VU57286

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-38662

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in Windows Fast FAT File System Driver. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

50) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU56515

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-38667

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Windows Print Spooler, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

51) Improper input validation

EUVDB-ID: #VU57492

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-35559

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the Swing component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

52) Code Injection

EUVDB-ID: #VU57284

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-41340

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in Windows Graphics Component. A remote attacker can trick a victim to open a specially crafted file and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

53) Code Injection

EUVDB-ID: #VU57285

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-41342

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in Windows MSHTML Platform. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

54) Information disclosure

EUVDB-ID: #VU57287

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-41343

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in Windows Fast FAT File System Driver. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

55) Integer overflow

EUVDB-ID: #VU57259

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-41345

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow within the Storage Spaces Controller storport.sys driver. A local user can run a specially crafted program to trigger integer overflow and execute arbitrary code with SYSTEM privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

56) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU57289

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-41347

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Windows AppX Deployment Service, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

57) Incorrect Regular Expression

EUVDB-ID: #VU52194

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-27290

CWE-ID: CWE-185 - Incorrect Regular Expression

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect processing of SRIs. A remote attacker can pass specially crafted input to the application and perform regular expression denial of service (ReDoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

58) Out-of-bounds write

EUVDB-ID: #VU54224

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-3517

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in the xml entity encoding functionality. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

59) Improper input validation

EUVDB-ID: #VU57488

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-3522

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the JavaFX (GStreamer) component in Java SE. A local non-authenticated attacker can exploit this vulnerability to perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

60) Man-in-the-Middle (MitM) attack

EUVDB-ID: #VU57487

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-35550

CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to the JSSE component in Oracle GraalVM Enterprise Edition offers cipher suites in the wrong way, which causes weaker cipher suites to be offered ahead of the strong ones. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

61) Improper input validation

EUVDB-ID: #VU57491

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-35556

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the Swing component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

62) Improper input validation

EUVDB-ID: #VU57485

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-35560

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The vulnerability exists due to improper input validation within the Deployment component in Java SE. A remote non-authenticated attacker can exploit this vulnerability to execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

63) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU57281

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-41335

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Windows Kernel, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

64) Improper input validation

EUVDB-ID: #VU57493

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-35561

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the Utility component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

65) Improper input validation

EUVDB-ID: #VU57490

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-35564

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The vulnerability exists due to improper input validation within the Keytool component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

66) Improper input validation

EUVDB-ID: #VU57494

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-35565

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the JSSE component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

67) Improper input validation

EUVDB-ID: #VU57486

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-35567

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Libraries component in Oracle GraalVM Enterprise Edition. A remote authenticated user can exploit this vulnerability to gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

68) Improper input validation

EUVDB-ID: #VU57495

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-35578

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the JSSE component in Oracle GraalVM Enterprise Edition when processing TLS 1.3 ClientHello packets. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

69) Improper input validation

EUVDB-ID: #VU57489

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-35586

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the ImageIO component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

70) Improper input validation

EUVDB-ID: #VU57497

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-35588

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

71) Improper input validation

EUVDB-ID: #VU57496

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-35603

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the JSSE component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

72) Incorrect Resource Transfer Between Spheres

EUVDB-ID: #VU69363

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-36338

CWE-ID: CWE-669 - Incorrect Resource Transfer Between Spheres

Exploit availability: No

Description

The vulnerability allows a remote attacker on a local network to gain elevated privileges.

The vulnerability exists due to incorrect resource transfer between spheres. A remote attacker on a local network can escalate their privileges and access functionalities they do not have access to.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

73) Security features bypass

EUVDB-ID: #VU57317

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-41338

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a local user to bypass authentication process.

The vulnerability exists due to security feature bypass issue in Windows AppContainer Firewall Rules. A local user can gain access to encrypted data.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

74) Information disclosure

EUVDB-ID: #VU57278

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-41332

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in Windows Print Spooler. A remote authenticated attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

75) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU56516

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-38671

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Windows Print Spooler, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

76) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU57305

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-40464

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker on the local network to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Windows Nearby Sharing, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

77) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU57272

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-40443

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Windows Common Log File System Driver, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

78) Code Injection

EUVDB-ID: #VU56377

Risk: Critical

CVSSv3.1:

CVE-ID: CVE-2021-40444

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation within the MSHTML component. A remote attacker can create a specially crafted Office document with a malicious ActiveX control inside, trick the victim into opening the document and execute arbitrary code on the system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

79) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU56517

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-40447

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Windows Print Spooler, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

80) Use-after-free

EUVDB-ID: #VU57249

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-40449

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the Win32k NtGdiResetDC function in Microsoft Windows kernel. A local user can run a specially crafted program to trigger a use-after-free error, when the function ResetDC is executed a second time for the same handle during execution of its own callback, and execute arbitrary code with elevated privileges.

Note, the vulnerability is being actively exploited in the wild.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

81) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU57295

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-40450

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Win32k, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

82) Information disclosure

EUVDB-ID: #VU57300

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-40454

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in Rich Text Edit Control. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

83) Spoofing attack

EUVDB-ID: #VU57302

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-40455

CWE-ID: CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)

Exploit availability: No

Description

The vulnerability allows a local user to perform spoofing attack.

The vulnerability exists due to incorrect processing of user-supplied data in Windows Installer. A local user can spoof page content.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

84) Security features bypass

EUVDB-ID: #VU57315

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-40460

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to security feature bypass issue in Windows Remote Procedure Call Runtime. A remote authenticated attacker can bypass the target application

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

85) Code Injection

EUVDB-ID: #VU57306

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-40462

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in Windows Media Foundation Dolby Digital Atmos Decoders. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

86) Input validation error

EUVDB-ID: #VU57296

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-40463

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in Windows NAT. A remote authenticated attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

87) Code Injection

EUVDB-ID: #VU57271

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-40465

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in Windows Text Shaping. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

88) Code Injection

EUVDB-ID: #VU57268

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-41331

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in Windows Media Audio Decoder. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

89) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU57273

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-40466

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Windows Common Log File System Driver, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

90) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU57274

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-40467

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Windows Common Log File System Driver, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

91) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU57277

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-40470

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in DirectX Graphics Kernel, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

92) Information disclosure

EUVDB-ID: #VU57304

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-40475

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in Windows Cloud Files Mini Filter Driver. A local user can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

93) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU57313

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-40476

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Windows AppContainer, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

94) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU57312

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-40477

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in Windows Event Tracing, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

95) Integer overflow

EUVDB-ID: #VU57260

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-40478

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow within the Storage Spaces Controller storport.sys driver. A local user can run a specially crafted program to trigger integer overflow and execute arbitrary code with SYSTEM privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

96) Integer overflow

EUVDB-ID: #VU57258

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-40488

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow within the Storage Spaces Controller storport.sys driver. A local user can run a specially crafted program to trigger integer overflow and execute arbitrary code with SYSTEM privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

97) Integer overflow

EUVDB-ID: #VU57257

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-40489

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow within the Storage Spaces Controller storport.sys driver. A local user can run a specially crafted program to trigger integer overflow and execute arbitrary code with SYSTEM privileges.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

98) Code Injection

EUVDB-ID: #VU57250

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-41330

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in Microsoft Windows Media Foundation. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

VASA Provider Standalone: before 9.2.3.0

Unisphere 360: before 9.2.3.3

Solutions Enabler Virtual Appliance: before 9.2.3.0

Solutions Enabler: before 9.2.3.0

Unisphere for PowerMax Virtual Appliance: before 9.1.0.31

Unisphere for PowerMax: before 9.1.0.31


CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000194640/dsa-2021-226-dell-emc-unisphere-for-powermax-dell-emc-unisphere-for-powermax-virtual-appliance-dell-emc-solutions-enabler-virtual-appliance-dell-emc-unisphere-360-dell-emc-vasa-and-dell-emc-powermax-embedded-management-security-update-for-multiple-th

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###