Vulnerabilities > CVE-2021-36305 - Incorrect Authorization vulnerability in Dell EMC Powerscale Onefs

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

dell

CWE-863

NVD

Published: 2021-11-12

Updated: 2021-11-17

Summary

Dell PowerScale OneFS contains an Unsynchronized Access to Shared Data in a Multithreaded Context in SMB CA handling. An authenticated user of SMB on a cluster with CA could potentially exploit this vulnerability, leading to a denial of service over SMB.

Vulnerable Configurations

Part	Description	Count
OS	Dell Dell EMC Powerscale Onefs 8.2.0 Dell EMC Powerscale Onefs 8.2.1 Dell EMC Powerscale Onefs 8.2.2 Dell EMC Powerscale Onefs 9.0.0.0 Dell EMC Powerscale Onefs 9.1.0.0 Dell EMC Powerscale Onefs 9.2.0.0 Dell EMC Powerscale Onefs 9.2.1.0 Dell EMC Powerscale Onefs 9.1.1.0	8

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://www.dell.com/support/kbdoc/000192046