Vulnerability Details CVE-2021-21502
Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a "use of SSH key past account expiration" vulnerability. A user on the network with the ISI_PRIV_AUTH_SSH RBAC privilege that has an expired account may potentially exploit this vulnerability, giving them access to the same things they had before account expiration. This may by a high privileged account and hence Dell recommends customers upgrade at the earliest opportunity.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2021-21502
-
cpe:2.3:o:dell:emc_powerscale_onefs:8.1.0
-
cpe:2.3:o:dell:emc_powerscale_onefs:8.1.1
-
cpe:2.3:o:dell:emc_powerscale_onefs:8.1.2
-
cpe:2.3:o:dell:emc_powerscale_onefs:8.2.0
-
cpe:2.3:o:dell:emc_powerscale_onefs:8.2.1
-
cpe:2.3:o:dell:emc_powerscale_onefs:8.2.2
-
cpe:2.3:o:dell:emc_powerscale_onefs:9.0.0
-
cpe:2.3:o:dell:emc_powerscale_onefs:9.1.0