CVE-2021-36280
📋 TL;DR
Dell EMC PowerScale OneFS versions 8.2.x through 9.2.0.x contain an incorrect permission assignment vulnerability. A local user who holds the ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privilege can read privileged cluster information that those privileges are not meant to expose. Exploitation needs an account on the cluster, so this is an authenticated, local issue. It affects organizations running Dell EMC PowerScale (formerly Isilon) storage clusters on an affected OneFS release.
💻 Affected Systems
- Dell EMC PowerScale OneFS
📦 What is this software?
OneFS is the clustered, FreeBSD-based operating system that runs on Dell EMC PowerScale (formerly Isilon) scale-out NAS nodes. Administrators manage it through the isi command line, the web administration interface and the Platform API, and administrative actions are gated by role-based privileges such as ISI_PRIV_LOGIN_SSH and ISI_PRIV_LOGIN_CONSOLE.
⚠️ Risk & Real-World Impact
Worst Case
An attacker who already has, or has obtained, an account with SSH or console login rights could read sensitive cluster configuration data that their role should not expose, and use it to plan further privilege escalation or attacks against the storage infrastructure.
Likely Case
Authorized users with SSH or console access could, accidentally or deliberately, view privileged cluster information outside the scope of their role, exposing system details that are useful for further attacks.
If Mitigated
With SSH and console privileges limited to trusted administrators and their sessions logged and monitored, the exposure is confined to information disclosure to people who already hold broad access; the advisory describes no direct code execution or privilege escalation from this issue alone.
🎯 Exploit Status
Exploitation requires an existing account on the cluster that holds ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE; it is not remotely exploitable without valid credentials.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: OneFS 9.2.1.0 and later
Vendor Advisory: https://www.dell.com/support/kbdoc/000190408
Restart Required: Yes
Instructions:
1. Download the OneFS 9.2.1.0 or later install image from Dell support.
2. Follow Dell's documented upgrade procedure for PowerScale clusters (pre-upgrade checks, then a rolling or simultaneous cluster upgrade).
3. Apply the update to every node in the cluster.
4. Reboot nodes as the upgrade process requires.
🔧 Temporary Workarounds
Restrict SSH and Console Access
Limit SSH and console access to the administrators who need it for their duties. In OneFS, ISI_PRIV_LOGIN_SSH and ISI_PRIV_LOGIN_CONSOLE are granted through roles rather than set on individual accounts, so review role membership and privileges:
# List roles, then inspect each one for ISI_PRIV_LOGIN_SSH / ISI_PRIV_LOGIN_CONSOLE in its privilege list
isi auth roles list
isi auth roles view <role>
# Inspect an individual account
isi auth users view <username>
# Remove a user from a role that grants either login privilege
isi auth roles modify <role> --remove-user <username>
🧯 If You Can't Patch
- Restrict SSH and console login privileges to the smallest set of administrators who need them, by reviewing which roles carry ISI_PRIV_LOGIN_SSH and ISI_PRIV_LOGIN_CONSOLE and who belongs to those roles
- Log and monitor all SSH and console sessions; OneFS configuration auditing records administrative actions and can be forwarded to syslog and your SIEM, and sshd login events should be collected from every node
🔍 How to Verify
Check if Vulnerable:
Check the OneFS version on every node (a partially completed rolling upgrade leaves some nodes on the old release; isi_for_array isi version runs the check cluster-wide). If any node reports 8.2.x through 9.2.0.x, the cluster is vulnerable; 9.2.1.0 or later carries the fix.
Check Version:
isi version
Verify Fix Applied:
Confirm that every node reports OneFS 9.2.1.0 or later. Then log in with a test account that holds only ISI_PRIV_LOGIN_SSH (or ISI_PRIV_LOGIN_CONSOLE) and confirm it can no longer read the privileged cluster information it could reach before the upgrade.
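The version check above is easy to get wrong across a fleet (9.2.0.x is affected while 9.2.1.0 is not, and 8.1.x falls outside the advisory's range). The following is an added example, not code from the page or from Dell: it parses the banner printed by isi version (assumed to start with "Isilon OneFS v<version>"; the regex relies only on the "OneFS v" prefix and a dotted number) and classifies each node. The boundary constants come from this page's version range and fix version; the sample banners are constructed.

```python
import re
from typing import Dict, Iterable, Optional, Tuple

# Version boundaries taken from this page: 8.2.x through 9.2.0.x affected,
# 9.2.1.0 is the first fixed release. Tuples compare lexicographically.
FIRST_AFFECTED = (8, 2, 0, 0)
FIRST_FIXED = (9, 2, 1, 0)

# Assumption: `isi version` prints a banner beginning "Isilon OneFS v8.2.2.0 B_8_2_2_001(RELEASE): ...".
# Only the "OneFS v" prefix and the dotted number are relied upon.
_VERSION_RE = re.compile(r"OneFS\s+v(\d+(?:\.\d+){1,3})")


def parse_onefs_version(banner: str) -> Optional[Tuple[int, ...]]:
    """Return the OneFS version as a 4-tuple (missing fields padded with 0),
    or None when the banner contains no recognisable version."""
    match = _VERSION_RE.search(banner)
    if not match:
        return None
    fields = [int(f) for f in match.group(1).split(".")]
    fields += [0] * (4 - len(fields))
    return tuple(fields)


def assess(banner: str) -> str:
    """Classify one node: 'vulnerable', 'fixed', 'out-of-scope' (older than
    8.2, which this advisory does not cover) or 'unknown' (unparseable output)."""
    version = parse_onefs_version(banner)
    if version is None:
        return "unknown"
    if version < FIRST_AFFECTED:
        return "out-of-scope"
    if version < FIRST_FIXED:
        return "vulnerable"
    return "fixed"


def fleet_report(banners: Dict[str, str]) -> Dict[str, str]:
    """Map node name -> assessment. Feed it `isi version` output collected
    from every node (for example with isi_for_array isi version)."""
    return {node: assess(banner) for node, banner in banners.items()}


# Constructed sample banners, one per node; the trailing fields are placeholders.
SAMPLE_BANNERS = {
    "nas-1": "Isilon OneFS v8.2.2.0 B_8_2_2_001(RELEASE): 0x0 (constructed)",
    "nas-2": "Isilon OneFS v9.2.0.0 B_9_2_0_010(RELEASE): 0x0 (constructed)",
    "nas-3": "Isilon OneFS v9.2.1.0 B_9_2_1_001(RELEASE): 0x0 (constructed)",
    "nas-4": "Isilon OneFS v8.1.2.0 B_8_1_2_001(RELEASE): 0x0 (constructed)",
    "nas-5": "ssh: connect to host nas-5 port 22: Connection refused (constructed)",
}

if __name__ == "__main__":
    for node, verdict in fleet_report(SAMPLE_BANNERS).items():
        print(f"{node}: {verdict}")
```

Any node reported as "unknown" needs a manual look: an unreachable node cannot be assumed patched, and the cluster is only fixed when every node is.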
📡 Detection & Monitoring
Log Indicators:
- SSH or console logins by accounts that are not expected to hold ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE, or logins by known administrators from unfamiliar source addresses
- Repeated failed SSH logins against node management addresses, or repeated denied administrative commands from one account
Network Indicators:
- SSH connections to node management interfaces from hosts outside the administrative network
SIEM Query (illustrative; the source and event_type field names depend on how your SIEM ingests OneFS syslog and audit events and must be adapted):
source="powerscale" AND (event_type="privilege_escalation" OR event_type="unauthorized_access")
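Because the advisory does not name a specific log event for the disclosure itself, the practical detection is who is using SSH on the cluster and from where. The following is an added example, not code from the page or from Dell: it runs over sshd syslog lines in the standard OpenSSH format (OneFS nodes run OpenSSH; the exact log file path and forwarding setup are yours to configure) and raises alerts for logins by accounts outside an administrator allowlist, administrator logins from a source address not seen before, and brute-force style failure bursts. The allowlist, the known-source baseline, the failure threshold and the sample log lines are all constructed for the example.

```python
import re
from collections import Counter, defaultdict
from typing import Dict, Iterable, List, Set, Tuple

# Standard OpenSSH sshd messages as they arrive via syslog. Two patterns cover
# successful logins and failures (including "invalid user" attempts).
_ACCEPTED_RE = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port \d+"
)
_FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed \S+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

FAILED_THRESHOLD = 5  # assumption: tune to your environment


def analyse_ssh_log(
    lines: Iterable[str],
    expected_admins: Set[str],
    known_sources: Dict[str, Set[str]],
) -> List[Tuple[str, str]]:
    """Return (severity, message) alerts in the order they are detected:
    - high:   successful login by an account not in expected_admins, i.e. a
              user holding ISI_PRIV_LOGIN_SSH who is not a recognised admin;
    - medium: an expected admin logging in from a source address not in
              known_sources for that account;
    - medium: FAILED_THRESHOLD or more failed attempts from one source address
              (emitted after the lines have been processed)."""
    alerts: List[Tuple[str, str]] = []
    failed_by_ip: Counter = Counter()
    # Copy the baseline so the caller's dict is not mutated while we learn new sources.
    seen: Dict[str, Set[str]] = defaultdict(set, {u: set(s) for u, s in known_sources.items()})

    for line in lines:
        m = _ACCEPTED_RE.search(line)
        if m:
            user, ip = m.group("user"), m.group("ip")
            if user not in expected_admins:
                alerts.append(("high", f"SSH login by non-admin account {user!r} from {ip}"))
            elif ip not in seen[user]:
                alerts.append(("medium", f"admin {user!r} logged in from new source {ip}"))
            seen[user].add(ip)
            continue
        m = _FAILED_RE.search(line)
        if m:
            failed_by_ip[m.group("ip")] += 1

    for ip, count in failed_by_ip.items():
        if count >= FAILED_THRESHOLD:
            alerts.append(("medium", f"{count} failed SSH logins from {ip}"))
    return alerts


# Constructed sample log: one known admin login, one admin login from a new
# address, one login by an account that should not have SSH, and a failure burst.
SAMPLE_LOG = """\
Jun 21 09:58:11 nas-1 sshd[4021]: Accepted publickey for storadmin from 10.10.1.5 port 52011 ssh2: RSA SHA256:c0ns7ructed
Jun 21 10:02:43 nas-1 sshd[4098]: Accepted password for storadmin from 172.16.9.40 port 40111 ssh2
Jun 21 10:05:02 nas-2 sshd[1210]: Accepted password for jsmith from 10.10.1.77 port 44012 ssh2
Jun 21 10:06:10 nas-2 sshd[1244]: Failed password for invalid user backup from 192.0.2.17 port 51000 ssh2
Jun 21 10:06:12 nas-2 sshd[1245]: Failed password for invalid user oracle from 192.0.2.17 port 51002 ssh2
Jun 21 10:06:14 nas-2 sshd[1246]: Failed password for root from 192.0.2.17 port 51004 ssh2
Jun 21 10:06:16 nas-2 sshd[1247]: Failed password for root from 192.0.2.17 port 51006 ssh2
Jun 21 10:06:18 nas-2 sshd[1248]: Failed password for invalid user admin from 192.0.2.17 port 51008 ssh2
"""
EXPECTED_ADMINS = {"root", "storadmin"}           # constructed allowlist
KNOWN_SOURCES = {"storadmin": {"10.10.1.5"}}        # constructed baseline

if __name__ == "__main__":
    for severity, message in analyse_ssh_log(SAMPLE_LOG.splitlines(), EXPECTED_ADMINS, KNOWN_SOURCES):
        print(f"[{severity}] {message}")
```

The allowlist is the important input: derive it from the roles that actually grant ISI_PRIV_LOGIN_SSH (isi auth roles view) rather than from memory, and regenerate it after every role change so the detector tracks the workaround above.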