CVE-2021-36314

7.1 HIGH

📋 TL;DR

Dell EMC CloudLink versions 7.1 and earlier contain an arbitrary file creation vulnerability that allows remote unauthenticated attackers to create arbitrary files on the system. This could lead to remote code execution if combined with other vulnerabilities or misconfigurations. All users of CloudLink 7.1 and prior versions are affected.

💻 Affected Systems

Products:
  • Dell EMC CloudLink
Versions: 7.1 and all prior versions
Operating Systems: Not specified - likely appliance-based
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments of affected versions are vulnerable by default. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote unauthenticated attacker gains full system control through arbitrary file creation leading to remote code execution, potentially compromising the entire CloudLink environment and connected systems.

🟠 Likely Case

Attackers create malicious files that could be executed through other means, leading to partial system compromise, data theft, or lateral movement within the network.

🟢 If Mitigated

With proper network segmentation and access controls, impact is limited to the CloudLink system itself without affecting other critical infrastructure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability allows unauthenticated remote exploitation, making it particularly dangerous. No public exploit code was found at time of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 7.1.1 or later (check Dell advisory for exact version)

Vendor Advisory: https://www.dell.com/support/kbdoc/en-us/000193031/https-dellservices-lightning-force-com-one-one-app

Restart Required: Yes

Instructions:

1. Review Dell advisory DSA-2021-205.
2. Download and apply the latest CloudLink update from Dell support portal.
3. Restart the CloudLink service or appliance as required.
4. Verify the update was successful.

🔧 Temporary Workarounds

Network Access Restriction

all

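Restrict network access to CloudLink management interfaces to trusted IP addresses only.

Use firewall rules to limit access:

  iptables -A INPUT -p tcp --dport [CloudLink_port] -s [trusted_ips] -j ACCEPT
  iptables -A INPUT -p tcp --dport [CloudLink_port] -j DROP

Rule order matters: the ACCEPT rule must come before the DROP rule, and because -A appends to the chain, any broader ACCEPT rule already present in INPUT will still match first.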

🧯 If You Can't Patch

  • Isolate CloudLink systems in a dedicated network segment with strict firewall rules
  • Implement network monitoring and intrusion detection specifically for CloudLink traffic

🔍 How to Verify

Check if Vulnerable:

Check CloudLink version via web interface or CLI. If version is 7.1 or earlier, system is vulnerable.

Check Version:

Check web interface admin panel or use CloudLink CLI command: cloudlink --version

Verify Fix Applied:

Verify CloudLink version is 7.1.1 or later after applying patch. Test that arbitrary file creation is no longer possible.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file creation events in CloudLink logs
  • Unauthenticated access attempts to file creation endpoints
  • Abnormal process execution following file creation

Network Indicators:

  • Unusual HTTP POST requests to file creation endpoints
  • Traffic from unexpected sources to CloudLink management ports

SIEM Query:

source="cloudlink" AND (event_type="file_create" OR http_method="POST") AND src_ip NOT IN [trusted_ips]
