CVE-2021-43587

Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6, use hard-coded cryptographic key. A local high-privileged malicious user may potentially exploit this vulnerability to gain access to secrets and elevate to gain higher privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.2 HIGH
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
dellCNA
8.2 HIGH
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
VendorProductVersion
dellpowerpath_management_appliance
2.6
dellpowerpath_management_appliance
3.0
dellpowerpath_management_appliance
3.0:patch_01
dellpowerpath_management_appliance
3.1
dellpowerpath_management_appliance
3.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.dell.com/support/kbdoc/en-us/000194083/dsa-2021-260
https://www.dell.com/support/kbdoc/en-us/000194083/dsa-2021-260