CVE-2021-21553
📋 TL;DR
Dell PowerScale OneFS versions 8.1.0 through 9.1.0 contain an incorrect user management vulnerability. Under specific conditions, a user holding the CompAdmin role can elevate privileges and break out of Compliance mode, the restricted administration mode used for WORM (SmartLock compliance) clusters. This affects organizations running Dell PowerScale storage on the listed versions. Exploitation requires an already-privileged account, so the practical risk is an insider or a compromised administrator credential defeating the controls that Compliance mode is supposed to enforce.
💻 Affected Systems
- Dell PowerScale OneFS
📦 What is this software?
Dell PowerScale OneFS is the operating system of Dell's scale-out NAS platform (formerly EMC Isilon). A OneFS cluster is administered over SSH with the isi command set or through the web administration interface. When a cluster is placed in SmartLock Compliance mode, the root account is disabled and the compadmin account becomes the designated administrative account, with its authority deliberately limited so that retention-locked data cannot be altered.
⚠️ Risk & Real-World Impact
Worst Case
CompAdmin user gains full administrative control over the PowerScale cluster, potentially accessing sensitive data, modifying configurations, or disrupting storage operations.
Likely Case
Authorized CompAdmin users bypass intended security restrictions to perform administrative actions they shouldn't have access to, compromising data integrity and compliance controls.
If Mitigated
With the CompAdmin account limited to a small set of trusted operators, management interfaces isolated, and CompAdmin activity audited, exposure is confined to those operators, and any misuse leaves a trail in the audit logs.
🎯 Exploit Status
Exploitation requires authenticated access as a CompAdmin user and specific conditions to trigger the vulnerability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: OneFS 9.2.0 and later
Vendor Advisory: https://www.dell.com/support/kbdoc/000188148
Restart Required: Yes
Instructions:
1. Review Dell advisory 000188148.
2. Upgrade to OneFS 9.2.0 or later.
3. Reboot the PowerScale cluster nodes as part of the upgrade.
4. Verify the fix by checking the running version and confirming that CompAdmin restrictions are still enforced in Compliance mode.
🔧 Temporary Workarounds
Restrict CompAdmin Access
Limit the CompAdmin account to the smallest possible set of operators and monitor its activity until the upgrade can be completed.
🧯 If You Can't Patch
- Implement strict access controls and monitoring for CompAdmin users
- Isolate PowerScale management interfaces from general network access
🔍 How to Verify
Check if Vulnerable:
Check the running OneFS version over SSH with 'isi version', or read it from the web administration interface. If the version is between 8.1.0 and 9.1.0 inclusive, the cluster is on an affected release.
Check Version:
isi version
Verify Fix Applied:
After upgrade, verify version is 9.2.0 or later using 'isi version' command and test CompAdmin privilege restrictions.
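The version check above can be scripted so that the same test runs identically before and after the upgrade. The following is an added example, not part of the Dell advisory or the OneFS tooling: it parses the banner printed by 'isi version', reduces the version to a comparable number, and reports whether it falls in the affected range (8.1.0 through 9.1.0) or at or beyond the fixed release (9.2.0). The banner layout matched by the sed pattern ("OneFS v" followed by the dotted version) is an assumption about the command's output; the sample banner embedded below is constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a OneFS version string against the affected range
# for CVE-2021-21553 (8.1.0 <= version <= 9.1.0; fixed in 9.2.0 and later).

# Pull the dotted version out of an `isi version` banner.
# Assumption: the banner contains the text "OneFS v<major.minor.patch...>".
onefs_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/.*OneFS v\([0-9][0-9.]*\).*/\1/p'
}

# Turn "major.minor.patch[.build]" into one integer so versions compare
# numerically: 9.1.0.0 -> 90100, 9.2.0.0 -> 90200. Build suffixes are ignored
# because the advisory range is stated at patch-level granularity.
onefs_version_key() {
    # shellcheck disable=SC2046
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ${1:-0} * 10000 + ${2:-0} * 100 + ${3:-0} ))
}

# Return 0 (true) when the version lies in the affected range.
onefs_is_vulnerable() {
    key=$(onefs_version_key "$1")
    lo=$(onefs_version_key 8.1.0)
    hi=$(onefs_version_key 9.1.0)
    [ "$key" -ge "$lo" ] && [ "$key" -le "$hi" ]
}

# Human-readable verdict for a full banner. Exit codes: 0 not affected,
# 1 affected, 2 could not parse the banner.
onefs_report() {
    v=$(onefs_version_from_banner "$1")
    if [ -z "$v" ]; then
        echo "could not parse a OneFS version from: $1"
        return 2
    fi
    if onefs_is_vulnerable "$v"; then
        echo "OneFS $v: in affected range, upgrade to 9.2.0 or later"
        return 1
    fi
    echo "OneFS $v: outside affected range"
    return 0
}

# Constructed sample banner (not captured from a real cluster).
SAMPLE_BANNER='Isilon OneFS v9.1.0.0 B_9_1_0_020(RELEASE)'
onefs_report "$SAMPLE_BANNER" || true
```

On a node you would run it as `onefs_report "$(isi version)"` and branch on the exit code; the same call after the upgrade should report the version as outside the affected range.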
📡 Detection & Monitoring
Log Indicators:
- Unusual CompAdmin user activities
- Privilege escalation attempts in audit logs
- Configuration changes by CompAdmin users
Network Indicators:
- Unexpected administrative connections to PowerScale management interfaces
SIEM Query (illustrative; the field and value names depend on how your OneFS audit logs are ingested, and the account appears as compadmin in OneFS itself):
source="powerscale" AND (user="CompAdmin" AND (action="privilege_escalation" OR action="config_change"))