VYPR
← All advisories
Unrated severityNVD Advisory· Published Jul 12, 2021· Updated Sep 17, 2024

CVE-2021-21591

CVE-2021-21591

Description

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Dell Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 store passwords in plain text, allowing a local high-privilege attacker to compromise other user accounts.

Vulnerability

Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.1.0.0.5.394 contain a plain-text password storage vulnerability. The software stores passwords in an unencrypted form, making them accessible to a local user with high privileges. This affects all versions before the fixed release.

Exploitation

An attacker must have local access to the system and possess high privileges (e.g., Service user). With these privileges, the attacker can read the stored plain-text passwords from the system. No user interaction is required beyond gaining the necessary local access.

Impact

Successful exploitation allows the attacker to obtain the plain-text password of another user. The attacker can then use that password to gain access with the privileges of the compromised user, potentially leading to unauthorized access to sensitive data or further system compromise. The CVSS score is 6.4 (Medium) with vector CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H.

Mitigation

Dell has released version 5.1.0.0.5.394 which addresses this vulnerability. Users should upgrade to this version or later. No workarounds are mentioned in the advisory. The advisory is DSA-2021-139 [1].

References
  1. DSA-2021-139: Dell Unity, Dell UnityVSA, and Dell Unity XT Security Update for Multiple Vulnerabilities

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4
  • Dell/EMC Unityllm-fuzzy
    Range: <5.1.0.0.5.394
  • Dell/Unity XTllm-fuzzy2 versions
    <5.1.0.0.5.394+ 1 more
    • (no CPE)range: <5.1.0.0.5.394
    • (no CPE)range: unspecified
  • Dell/UnityVSAllm-fuzzy
    Range: <5.1.0.0.5.394

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.