Vulnerability Description
Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker. This vulnerability is considered critical as it may be leveraged to completely compromise the vulnerable application as well as the underlying operating system. Dell recommends customers to upgrade at the earliest opportunity.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Cloudlink | < 7.1.1 |
Related Weaknesses (CWE)
References
- https://www.dell.com/support/kbdoc/en-us/000193031/https-dellservices-lightning-Vendor Advisory
- https://www.dell.com/support/kbdoc/en-us/000193031/https-dellservices-lightning-Vendor Advisory
FAQ
What is CVE-2021-36313?
CVE-2021-36313 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Dell EMC CloudLink 7.1 and all prior versions contain an OS command injection Vulnerability. A remote high privileged attacker, may potentially exploit this vulnerability, leading to the execution of ...
How severe is CVE-2021-36313?
CVE-2021-36313 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-36313?
Check the references section above for vendor advisories and patch information. Affected products include: Dell Cloudlink.