CVE-2021-36302: Privilege Escalation in Dell EMC Azure Stack Hub
Platform: dell
Component: dell-emc-integrated-system-for-microsoft-azure-stack-hub
Fixed in: Dell EMC 2204
CVE-2021-36302 represents a critical privilege escalation vulnerability affecting Dell EMC Integrated System for Microsoft Azure Stack Hub. Successful exploitation allows a remote, malicious user with standard-level Just Enough Administration (JEA) credentials to elevate their privileges and potentially gain complete control over the system. This vulnerability impacts versions up to and including Dell EMC 2204, with a fix available in Dell EMC 2204.
Impact and Attack Scenarios
The impact of CVE-2021-36302 is severe. An attacker who can obtain standard JEA credentials can leverage this vulnerability to escalate their privileges to a highly privileged account, effectively compromising the entire Azure Stack Hub system. This could lead to unauthorized access to sensitive data, modification of system configurations, deployment of malicious software, and disruption of services. The potential for lateral movement within the Azure Stack Hub environment is significant, as a compromised account can be used to access other resources and systems. The blast radius extends to all data and services hosted on the affected Azure Stack Hub instance.
Exploitation Context
CVE-2021-36302 is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are not widely available, but the vulnerability's severity and potential impact warrant careful attention. The vulnerability's reliance on JEA credentials suggests that attackers may target credential theft or misuse as an initial attack vector. The NVD entry was published on 2022-02-09.
Threat Intelligence
EPSS: 0.24% (48th percentile)
CVSS Vector
- Attack Vector: Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
- Attack Complexity: Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
- Privileges Required: Low — any valid user account is sufficient. Basic authenticated access required.
- User Interaction: None — attack is automatic and silent. Victim does nothing: no click, no file open.
- Scope: Changed — successful attack can pivot beyond the vulnerable component to other systems or the host OS.
- Confidentiality: High — complete confidentiality loss. Attacker can read all data: credentials, keys, personal data.
- Integrity: High — attacker can write, modify, or delete any data: databases, config files, or code.
- Availability: High — complete crash or resource exhaustion. Full denial of service.
Mitigation and Workarounds
The primary mitigation for CVE-2021-36302 is to upgrade to Dell EMC Integrated System for Microsoft Azure Stack Hub version 2204 or later, which contains the fix. If an immediate upgrade is not feasible, consider restricting JEA access to only authorized personnel and implementing multi-factor authentication (MFA) for JEA accounts. Regularly review JEA policies and audit logs for suspicious activity. Implement network segmentation to limit the potential impact of a compromised account. After upgrade, confirm successful remediation by verifying that the JEA configuration is secure and that no unauthorized privilege escalation attempts are detected in the audit logs.
How to fix
Update Dell EMC Integrated System for Microsoft Azure Stack Hub to version 2204 or later. This corrects the privilege escalation vulnerability.
Frequently asked questions
What is CVE-2021-36302 — Privilege Escalation in Dell EMC Azure Stack Hub?
CVE-2021-36302 is a critical vulnerability allowing remote attackers with standard JEA credentials to escalate privileges and gain control of Dell EMC Integrated System for Microsoft Azure Stack Hub versions ≤2204.
Am I affected by CVE-2021-36302 in Dell EMC Azure Stack Hub?
If you are running Dell EMC Integrated System for Microsoft Azure Stack Hub versions prior to 2204 and have standard JEA credentials accessible, you are potentially affected by this vulnerability.
How do I fix CVE-2021-36302 in Dell EMC Azure Stack Hub?
Upgrade to Dell EMC Integrated System for Microsoft Azure Stack Hub version 2204 or later to remediate the vulnerability. Consider restricting JEA access as an interim measure.
Is CVE-2021-36302 being actively exploited?
While no widespread exploitation has been publicly confirmed, the vulnerability's severity and potential impact warrant proactive mitigation.
Where can I find the official Dell EMC advisory for CVE-2021-36302?
Refer to the official Dell Security Advisory for CVE-2021-36302 on the Dell Support website: [https://www.dell.com/support/kbdoc/en-us/000182439/security-update-for-dell-emc-integrated-system-for-microsoft-azure-stack-hub-cve-2021-36302](https://www.dell.com/support/kbdoc/en-us/000182439/security-update-for-dell-emc-integrated-system-for-microsoft-azure-stack-hub-cve-2021-36302)