DSA-2021-259: Dell EMC iDRAC Security Update for Multiple Security Vulnerabilities

Tabla de contenido

Artículo detallado

Impacto

Detalles

Corrección y productos afectados

Historial de revisiones

Reconocimientos

Información relacionada

Descargo de responsabilidad

Productos afectados

Deje sus comentarios

Resumen: Dell EMC iDRAC remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Este artículo se aplica a Este artículo no se aplica a Este artículo no está vinculado a ningún producto específico. No se identifican todas las versiones del producto en este artículo.

Consulte estos recursos

Impacto

Medium

Detalles

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2021-36347	Dell EMC iDRAC9 versions before 5.00.20.00 and iDRAC8 versions before 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges may potentially exploit this vulnerability to control process execution and gain access to the iDRAC operating system.	6.2	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L
CVE-2021-36348	Dell EMC iDRAC9 versions before 5.00.20.00 contain an input injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to iDRAC.	5.9	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L
CVE-2021-36346	Dell EMC iDRAC8 versions before 2.82.82.82 contain a denial of service vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to deny access to the iDRAC webserver.	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Third-party Component	CVE	More information
OpenSSL	CVE-2021-3712	See NVD (https://nvd.nist.gov/vuln/detail/CVE-2021-3712) for individual scores for each CVE.

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2021-36347	Dell EMC iDRAC9 versions before 5.00.20.00 and iDRAC8 versions before 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges may potentially exploit this vulnerability to control process execution and gain access to the iDRAC operating system.	6.2	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L
CVE-2021-36348	Dell EMC iDRAC9 versions before 5.00.20.00 contain an input injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to iDRAC.	5.9	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L
CVE-2021-36346	Dell EMC iDRAC8 versions before 2.82.82.82 contain a denial of service vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to deny access to the iDRAC webserver.	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Third-party Component	CVE	More information
OpenSSL	CVE-2021-3712	See NVD (https://nvd.nist.gov/vuln/detail/CVE-2021-3712) for individual scores for each CVE.

Dell Technologies recomienda que todos los clientes tengan en cuenta tanto la puntuación base como cualquier otra puntuación ambiental y temporal relevante que pueda afectar la posible gravedad asociada con la vulnerabilidad de seguridad en particular.

Corrección y productos afectados

CVEs Addressed	Product	Affected Versions	Updated Versions	Link to Update
CVE-2021-36347	Dell EMC iDRAC8	Versions before 2.82.82.82.	2.82.82.82	https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=wgnhp
CVE-2021-36347	Dell EMC iDRAC9	Versions before 5.00.20.00.	5.00.20.00	https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=19c2m
CVE-2021-36348	Dell EMC iDRAC9	Versions before 5.00.20.00.	5.00.20.00	https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=19c2m
CVE-2021-36346	Dell EMC iDRAC8	Versions before 2.82.82.82.	2.82.82.82	https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=wgnhp
CVE-2021-3712	Dell EMC iDRAC8	Versions before 2.82.82.82.	2.82.82.82	https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=wgnhp
CVE-2021-3712	Dell EMC iDRAC9	Versions before 5.10.00.00.	5.10.00.00	https://www.dell.com/support/home/drivers/driversdetails?driverid=p8hc9

CVEs Addressed	Product	Affected Versions	Updated Versions	Link to Update
CVE-2021-36347	Dell EMC iDRAC8	Versions before 2.82.82.82.	2.82.82.82	https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=wgnhp
CVE-2021-36347	Dell EMC iDRAC9	Versions before 5.00.20.00.	5.00.20.00	https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=19c2m
CVE-2021-36348	Dell EMC iDRAC9	Versions before 5.00.20.00.	5.00.20.00	https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=19c2m
CVE-2021-36346	Dell EMC iDRAC8	Versions before 2.82.82.82.	2.82.82.82	https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=wgnhp
CVE-2021-3712	Dell EMC iDRAC8	Versions before 2.82.82.82.	2.82.82.82	https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=wgnhp
CVE-2021-3712	Dell EMC iDRAC9	Versions before 5.10.00.00.	5.10.00.00	https://www.dell.com/support/home/drivers/driversdetails?driverid=p8hc9

Historial de revisiones

Revision	Date	Description
1.0	2021-12-16	Initial Release

Reconocimientos

CVE-2021-36346: Dell Technologies would like to thank Ken Pyle from CYBIR for reporting this issue.

Información relacionada

Descargo de responsabilidad

Productos afectados

iDRAC8, iDRAC7/8 with Lifecycle Controller Version 2.50.50.50, iDRAC7/8 with Lifecycle Controller Version 2.52.52.52, iDRAC7/8 with Lifecycle Controller Version 2.60.60.60, iDRAC7/8 with Lifecycle Controller Version 2.61.60.60 , iDRAC7/8 with Lifecycle Controller Version 2.62.60.60, iDRAC7/8 with Lifecycle Controller Version 2.63.60.61, iDRAC8 with Lifecycle Controller Version 2.04.02.01, iDRAC8 with Lifecycle Controller Version 2.00.00.00, iDRAC8 with Lifecycle Controller Version 2.02.01.01 ...

Productos

iDRAC9, iDRAC8 with Lifecycle Controller version 2.80.80.80, iDRAC8 with Lifecycle Controller version 2.81.81.81, iDRAC9 - 3.0x Series, iDRAC9 - 3.1x Series, iDRAC9 - 3.2x Series, iDRAC9 - 3.3x Series, iDRAC9 - 3.4x Series, iDRAC9 - 4.xx Series , iDRAC9 - 5.xx Series, Product Security Information ...

Número del artículo: 000194038

Tipo de artículo: Dell Security Advisory

Última modificación: 16 dic 2021

Compruebe si el dispositivo está cubierto por los servicios de soporte.

DSA-2021-259: Dell EMC iDRAC Security Update for Multiple Security Vulnerabilities

Resumen: Dell EMC iDRAC remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Impacto

Detalles

Corrección y productos afectados

Historial de revisiones

Reconocimientos

Información relacionada

Descargo de responsabilidad

Productos afectados

Productos

Propiedades del artículo

Encuentre respuestas a sus preguntas de otros usuarios de Dell

Servicios de soporte

Propiedades del artículo

Encuentre respuestas a sus preguntas de otros usuarios de Dell

Servicios de soporte