CVE-2021-21594
📋 TL;DR
Dell PowerScale OneFS versions 8.2.2 through 9.1.0.x have a vulnerability where sensitive data can be exposed through GET requests containing sensitive query strings. This affects all administrators and users of these Dell storage systems. Attackers could potentially access confidential information transmitted via URLs.
💻 Affected Systems
- Dell PowerScale OneFS
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Full disclosure of sensitive administrative credentials, configuration data, or user information leading to complete system compromise.
Likely Case
Exposure of session tokens, authentication parameters, or configuration details that could enable further attacks.
If Mitigated
Limited exposure of non-critical query parameters if proper network segmentation and access controls are implemented.
🎯 Exploit Status
Exploitation requires network access to the OneFS management interface and the ability to intercept or view GET requests containing sensitive parameters.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions above 9.1.0.x (specific fixed version not specified in advisory)
Vendor Advisory: https://www.dell.com/support/kbdoc/000190408
Restart Required: Yes
Instructions:
1. Review Dell advisory 000190408.
2. Upgrade to a version above 9.1.0.x.
3. Apply the upgrade during a maintenance window.
4. Restart affected systems as required by the upgrade process.
🔧 Temporary Workarounds
Network Segmentation
Restrict access to OneFS management interfaces to trusted networks only.
HTTPS Enforcement
Ensure all management traffic uses HTTPS with proper encryption to prevent query string interception.
🧯 If You Can't Patch
- Implement strict network access controls to limit who can reach the OneFS management interfaces.
- Monitor network traffic for suspicious GET requests containing sensitive parameters and implement WAF rules if available.
🔍 How to Verify
Check if Vulnerable:
Check the OneFS version via the CLI ('isi version') or the web interface. If the version is between 8.2.2 and 9.1.0.x inclusive, the system is vulnerable.
Check Version:
isi version
Verify Fix Applied:
After the upgrade, verify that the version is above 9.1.0.x using the 'isi version' command.
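The version check above can be scripted so that it can run across many clusters. The following is an added example, not part of the Dell advisory or of OneFS itself: it pulls the first dotted version number out of whatever text 'isi version' prints (the exact output format is assumed, so the function searches for the number rather than relying on a fixed layout) and tests it against the affected range 8.2.2 through 9.1.0.x stated on this page. Only the first three components are compared, so every patch level of 9.1.0 counts as affected and 9.1.1 does not.

```python
import re

# Affected range taken from the advisory summary on this page:
# 8.2.2 (any patch level) up to and including 9.1.0.x.
AFFECTED_LOW = (8, 2, 2)
AFFECTED_HIGH = (9, 1, 0)

# First dotted number in the text, e.g. "9.1.0.4" in "Isilon OneFS v9.1.0.4 ..."
# (the surrounding output format of 'isi version' is an assumption here).
VERSION_RE = re.compile(r"(\d+(?:\.\d+)+)")


def parse_version(text):
    """Return the version as a tuple of ints, e.g. '9.1.0.4' -> (9, 1, 0, 4)."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no dotted version number found in {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(text):
    """True if the version found in text falls in 8.2.2 .. 9.1.0.x inclusive."""
    mmp = parse_version(text)[:3]
    # Pad short versions ("9.1") so they compare like "9.1.0".
    mmp = mmp + (0,) * (3 - len(mmp))
    return AFFECTED_LOW <= mmp <= AFFECTED_HIGH


def classify(outputs):
    """Map each captured 'isi version' output to 'affected' or 'fixed'."""
    return {text: ("affected" if is_affected(text) else "fixed") for text in outputs}


# Constructed sample outputs for demonstration; not real captures.
SAMPLE_OUTPUTS = [
    "Isilon OneFS v8.2.2.0 B_8_2_2_0(RELEASE)",
    "Isilon OneFS v9.1.0.5 B_9_1_0_5(RELEASE)",
    "Isilon OneFS v9.1.1.0 B_9_1_1_0(RELEASE)",
    "Isilon OneFS v8.2.1.0 B_8_2_1_0(RELEASE)",
]

if __name__ == "__main__":
    for text, verdict in classify(SAMPLE_OUTPUTS).items():
        print(f"{verdict:8s} {text}")
```

Feed it the text captured from each cluster (for example over SSH) and act on every 'affected' verdict; a string with no version number raises a ValueError rather than silently reporting the node as fixed.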
📡 Detection & Monitoring
Log Indicators:
- Unusual GET requests to management interfaces with sensitive parameters in query strings
- Multiple failed authentication attempts followed by successful access
Network Indicators:
- Unencrypted HTTP traffic to OneFS management ports containing sensitive query parameters
- Traffic from unexpected source IPs to management interfaces
SIEM Query:
source="OneFS" AND (url="*?password=*" OR url="*?token=*" OR url="*?auth=*")
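The SIEM query above matches the literal text `?password=`, `?token=` and `?auth=`, so it only fires when the sensitive parameter is the first one in the query string; a URL such as `/x?detail=true&token=...` is missed. The following added example (not part of the advisory and not OneFS code) shows a more robust check for use outside a SIEM or as a starting point for a WAF or log-pipeline rule: it parses web-server access log lines in Common Log Format, decodes the query string properly with `urllib.parse`, and flags any GET request whose parameter names intersect a watch list. The log line format, the parameter names beyond the three on this page, and the sample lines are all constructed for the example.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Parameter names worth flagging. "password", "token" and "auth" come from
# this page's SIEM query; the others are assumed additions to tune per site.
SENSITIVE_PARAMS = {"password", "passwd", "token", "auth", "secret", "session"}

# Common Log Format: ip ident user [timestamp] "METHOD url PROTOCOL" status size
# (assumed layout for the constructed sample below).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)


def sensitive_params_in_url(url):
    """Return sorted sensitive parameter names present anywhere in url's query."""
    query = urlsplit(url).query
    # parse_qsl handles '&'-separated pairs and percent-decoding, so the
    # parameter is found regardless of its position in the query string.
    names = {k.lower() for k, _ in parse_qsl(query, keep_blank_values=True)}
    return sorted(names & SENSITIVE_PARAMS)


def scan_log(lines):
    """Return (ip, timestamp, url, [params]) for each GET carrying sensitive params."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group("method") != "GET":
            continue
        found = sensitive_params_in_url(m.group("url"))
        if found:
            hits.append((m.group("ip"), m.group("ts"), m.group("url"), found))
    return hits


# Constructed sample log lines; the paths are made up, not real OneFS endpoints.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /mgmt/users?password=hunter2 HTTP/1.1" 200 512',
    '10.0.0.6 - - [01/Jan/2024:10:00:01 +0000] "GET /mgmt/cluster?detail=true&token=abc123 HTTP/1.1" 200 77',
    '10.0.0.7 - - [01/Jan/2024:10:00:02 +0000] "POST /mgmt/session HTTP/1.1" 201 0',
    '10.0.0.8 - - [01/Jan/2024:10:00:03 +0000] "GET /mgmt/stats?key=cpu HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for ip, ts, url, params in scan_log(SAMPLE_LOG):
        print(f"{ts} {ip} GET {url} -> sensitive params: {', '.join(params)}")
```

On the sample above the second line is reported even though `token` is not the first parameter, which the page's `*?token=*` pattern would not catch; if the SIEM supports it, widening the query to also match `*&token=*` (and likewise for the other names) closes that gap. Keep in mind that only request lines are inspected here, so parameters sent in a POST body or in headers are out of scope.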