CVE-2021-36289

7.8 HIGH

📋 TL;DR

Dell VNX2 OE for File versions 8.1.21.266 and earlier contain a sensitive information disclosure vulnerability that allows local malicious users to read sensitive information. This affects organizations using Dell VNX2 storage systems with the vulnerable software. The exposed information could be used for further attacks.

💻 Affected Systems

Products:
  • Dell VNX2 OE for File
Versions: 8.1.21.266 and earlier
Operating Systems: VNX2 OE
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Dell VNX2 storage systems running the vulnerable File software versions. Control Station components are affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker with local access could obtain administrative credentials, configuration secrets, or encryption keys, leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case

Local users or compromised accounts could access sensitive configuration data, potentially enabling privilege escalation or lateral movement within the storage environment.

🟢 If Mitigated

With strict access controls and network segmentation, impact is limited to the specific storage system, though sensitive information could still be exposed.

🌐 Internet-Facing: LOW - This requires local access to the system, making internet-facing exploitation unlikely unless the management interface is exposed.
🏢 Internal Only: HIGH - Internal malicious users or compromised accounts can exploit this vulnerability to access sensitive information.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the system. No public exploit code has been identified, but the vulnerability is straightforward for local users.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 8.1.21.266

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000191155/dsa-2021-164-dell-vnx2-control-station-security-update-for-multiple-vulnerabilities

Restart Required: Yes

Instructions:

1. Download the latest VNX2 OE for File update from Dell Support.
2. Apply the update following Dell's documented procedures.
3. Reboot the system as required by the update process.

🔧 Temporary Workarounds

Restrict Local Access

Limit local access to VNX2 systems to authorized administrators only

Network Segmentation

Isolate VNX2 management interfaces from general network access

🧯 If You Can't Patch

  • Implement strict access controls to limit who can access the VNX2 systems locally
  • Monitor system logs for unusual access patterns or information disclosure attempts

🔍 How to Verify

Check if Vulnerable:

Check the VNX2 OE for File version via the Unisphere management interface or the CLI. If the version is 8.1.21.266 or earlier, the system is vulnerable.

Check Version:

naviseccli -h <array_ip> getagent

Verify Fix Applied:

After patching, verify the version is greater than 8.1.21.266 using the same methods.
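The version check above, applied across an inventory, as an added example that is not from this page or from Dell. It assumes the version string has already been collected for each system; the hostnames and version values in the sample inventory are constructed, and treating a hyphen as a dot separator is an assumption. Components are compared numerically, because a plain string comparison would rank 8.1.9.x above 8.1.21.x.

```shell
#!/bin/sh
# Last affected release, taken from the advisory text on this page.
LAST_AFFECTED="8.1.21.266"

# Print "vulnerable", "fixed" or "unparseable" for one version string.
classify_version() {
    # Assumption: "8.1.21-266" is the same release as "8.1.21.266".
    _a=$(printf '%s' "$1" | sed 's/-/./g')
    _b=$LAST_AFFECTED
    case "$_a" in
        ''|*[!0-9.]*|.*|*.|*..*) echo unparseable; return 0 ;;
    esac
    # Walk both versions component by component; missing components count as 0.
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _x=${_a%%.*}; _y=${_b%%.*}
        _x=${_x:-0};  _y=${_y:-0}
        if [ "$_x" -gt "$_y" ]; then echo fixed; return 0; fi
        if [ "$_x" -lt "$_y" ]; then echo vulnerable; return 0; fi
        case "$_a" in *.*) _a=${_a#*.} ;; *) _a= ;; esac
        case "$_b" in *.*) _b=${_b#*.} ;; *) _b= ;; esac
    done
    echo vulnerable   # identical to the last affected release
}

# Constructed sample inventory ("host version"); not real systems or releases.
sample_inventory() {
    cat <<'EOF'
cs-lab-01 8.1.21.266
cs-lab-02 8.1.9.236
cs-lab-03 8.1.21.303
cs-lab-04 unknown
EOF
}

# Read "host version" lines on stdin and append the classification.
report() {
    while read -r _host _ver; do
        printf '%s %s %s\n' "$_host" "$_ver" "$(classify_version "$_ver")"
    done
}

sample_inventory | report
```

Entries reported as unparseable need a manual check rather than being assumed fixed.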

📡 Detection & Monitoring

Log Indicators:

  • Unusual local access patterns to sensitive files
  • Multiple failed access attempts followed by successful sensitive file reads

Network Indicators:

  • Unusual traffic from VNX2 management interfaces

SIEM Query:

source="vnx2_logs" AND event_type="file_access" AND (file_path CONTAINS "sensitive" OR file_path CONTAINS "config")
