DSA-2021-113: Dell OpenManage Enterprise and Dell OpenManage Enterprise-Modular Security Update for Multiple Vulnerabilities
Summary: Dell OpenManage Enterprise and Dell OpenManage Enterprise-Modular remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system. ...
Impact
Critical
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-21564 | Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to hijack an elevated session or perform unauthorized actions by sending malformed data. | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| CVE-2021-21584 | Dell OpenManage Enterprise version 3.5 and OpenManage Enterprise-Modular version 1.30.00 contain an information disclosure vulnerability. An authenticated low privileged attacker may potentially exploit this vulnerability leading to disclosure of the OIDC server credentials. | 7.7 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
| CVE-2021-21585 | Dell OpenManage Enterprise versions prior to 3.6.1 contain an OS command injection vulnerability in RACADM and IPMI tools. A remote authenticated malicious user with high privileges may potentially exploit this vulnerability to execute arbitrary OS commands. | 9.1 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| CVE-2021-21596 | Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenManage Enterprise Modular versions 1.20.00 through 1.30.00, contain a remote code execution vulnerability. A malicious attacker with access to the immediate subnet may potentially exploit this vulnerability leading to information disclosure and a possible elevation of privileges. | 9.6 | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Affected Products and Remediation
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-21564 | Dell OpenManage Enterprise | Versions prior to 3.6.1 | 3.6.1 | KB article 175879: Support for Dell EMC OpenManage Enterprise |
| CVE-2021-21584 | Dell OpenManage Enterprise | Version 3.5 only | 3.6.1 | KB article 175879: Support for Dell EMC OpenManage Enterprise |
| CVE-2021-21584 | Dell OpenManage Enterprise-Modular | Version 1.30.00 | 1.30.10 | OpenManage Enterprise Modular v1.30.10 - Driver Details - Dell US |
| CVE-2021-21585 | Dell OpenManage Enterprise | Versions prior to 3.6.1 | 3.6.1 | KB article 175879: Support for Dell EMC OpenManage Enterprise |
| CVE-2021-21596 | Dell OpenManage Enterprise | Versions 3.4 through 3.6.1 | 3.6.2 | https://dl.dell.com/openmanage_enterprise/3.6.2/ |
| CVE-2021-21596 | Dell OpenManage Enterprise-Modular | Versions 1.20.00 through 1.30.00 | 1.30.10 | OpenManage Enterprise Modular v1.30.10 - Driver Details - Dell US |
Note: The table above may not be a comprehensive list of all affected supported versions and may be updated as more information becomes available. Dell Technologies recommends updating to the latest versions at the earliest opportunity.
Revision History
| Revision | Date | Description |
| 1.0 | 2021-07-19 | Initial release |
Acknowledgements
CVE-2021-21596: Dell Technologies would like to thank Pierre Kim and Alexandre Torres for reporting this issue.
Affected Products
Dell EMC OpenManage Enterprise, Dell OpenManage Enterprise-Modular, Product Security Information
Article Properties
Article Number: 000189673
Article Type: Dell Security Advisory
Last Modified: 19 Jul 2021