What is CVE-2021-43587?

CVE-2021-43587 is a vulnerability in Dell PowerPath Management Appliance versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6, where a hard-coded cryptographic key could be exploited by a local high-privileged malicious user to gain access to secrets and elevate privileges.

How can a local high-privileged user exploit CVE-2021-43587?

A local high-privileged user can exploit CVE-2021-43587 by using the hard-coded cryptographic key to gain access to secrets and elevate their privileges.

What is the severity of CVE-2021-43587?

The severity of CVE-2021-43587 is high with a CVSS score of 6.7.

Which versions of Dell PowerPath Management Appliance are affected by CVE-2021-43587?

Dell PowerPath Management Appliance versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6 are affected by CVE-2021-43587.

How can I fix CVE-2021-43587?

To fix CVE-2021-43587, Dell recommends updating to the latest available version of PowerPath Management Appliance and following the provided mitigation steps in the Dell Security Advisory.

Vulnerability/
CVE-2021-43587

high

8.2

CWE

321

21/12/2021

21/11/2024

CVE-2021-43587

First published: Tue Dec 21 2021(Updated: )

Dell PowerPath Management Appliance, versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6, use hard-coded cryptographic key. A local high-privileged malicious user may potentially exploit this vulnerability to gain access to secrets and elevate to gain higher privileges.

Credit: security_alert@emc.com security_alert@emc.com

Affected Software	Affected Version	How to fix
Dell PowerPath	=2.6
Dell PowerPath	=3.0
Dell PowerPath	=3.0-patch_01
Dell PowerPath	=3.1
Dell PowerPath	=3.2

Remedy

https://www.dell.com/support/kbdoc/en-us/000194083/dsa-2021-260

Never miss a vulnerability like this again

Reference Links

https://www.dell.com/support/kbdoc/en-us/000194083/dsa-2021-260

Frequently Asked Questions

What is CVE-2021-43587?
CVE-2021-43587 is a vulnerability in Dell PowerPath Management Appliance versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6, where a hard-coded cryptographic key could be exploited by a local high-privileged malicious user to gain access to secrets and elevate privileges.
How can a local high-privileged user exploit CVE-2021-43587?
A local high-privileged user can exploit CVE-2021-43587 by using the hard-coded cryptographic key to gain access to secrets and elevate their privileges.
What is the severity of CVE-2021-43587?
The severity of CVE-2021-43587 is high with a CVSS score of 6.7.
Which versions of Dell PowerPath Management Appliance are affected by CVE-2021-43587?
Dell PowerPath Management Appliance versions 3.2, 3.1, 3.0 P01, 3.0, and 2.6 are affected by CVE-2021-43587.
How can I fix CVE-2021-43587?
To fix CVE-2021-43587, Dell recommends updating to the latest available version of PowerPath Management Appliance and following the provided mitigation steps in the Dell Security Advisory.

agent/type
agent/severity
agent/weakness
agent/references
agent/remedy
agent/description
collector/mitre-cve
source/MITRE
agent/first-publish-date
agent/last-modified-date
agent/author
agent/softwarecombine
agent/event
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
vendor/dell
canonical/dell powerpath
version/dell powerpath/2.6
version/dell powerpath/3.0
version/dell powerpath/3.0-patch_01
version/dell powerpath/3.1
version/dell powerpath/3.2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.