Dell EMC PowerScale OneFS 8.2.x/9.1.0.x Log File log file

Summaryinfo

A vulnerability marked as problematic has been reported in Dell EMC PowerScale OneFS 8.2.x/9.1.0.x. The affected element is an unknown function of the component Log File Handler. The manipulation leads to log file. This vulnerability is traded as CVE-2021-36278. It is possible to initiate the attack remotely. There is no exploit available.

Detailsinfo

A vulnerability was found in Dell EMC PowerScale OneFS 8.2.x/9.1.0.x. It has been rated as problematic. This issue affects an unknown code of the component Log File Handler. The manipulation with an unknown input leads to a log file vulnerability. Using CWE to declare the problem leads to CWE-532. Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. Impacted is integrity, and availability.

The weakness was shared 08/17/2021 as 000190408. The advisory is shared at dell.com. The identification of this vulnerability is CVE-2021-36278. Neither technical details nor an exploit are publicly available. The price for an exploit might be around USD $0-$5k at the moment (estimation calculated on 08/17/2021). MITRE ATT&CK project uses the attack technique T1592 for this issue.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Productinfo

Vendor

• Dell EMC

Name

• PowerScale OneFS

Version

• 8.2.x
• 9.1.0.x

License

• commercial

Website

• Vendor: https://www.dellemc.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Discussion