DSA-2021-090: Dell VxRail Appliance Security Update for Multiple Vulnerabilities

Summary: Dell VxRail Appliance remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.


Impact

Critical

Details

| Proprietary Code CVE | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2021-21508 | Dell VxRail, versions prior to 4.7.530 contain a Plain-text Password Storage Vulnerability. A sys-admin user may exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | 6.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |

Third-Party Component CVEs More information
VMware ESXi CVE-2021-21994 VMSA-2021-0014
CVE-2021-21995

VxRail Manager: SUSE Grub2 and others

CVE-2020-14372 SUSE grub2 UEFI secure boot bypass issues

SUSE updates


 
CVE-2020-25632
CVE-2020-25647
CVE-2020-27749
CVE-2020-27779
CVE-2021-20225
CVE-2021-20233
CVE-2019-18348
CVE-2021-23336
CVE-2019-20916
CVE-2021-3177
CVE-2021-27219
CVE-2021-27218
CVE-2021-3348
CVE-2020-25211
CVE-2020-25639
CVE-2020-27835
CVE-2020-29568
CVE-2020-29569
CVE-2021-0342
CVE-2021-20177
CVE-2021-3347
CVE-2020-36221
CVE-2020-36222
CVE-2020-36223
CVE-2020-36224
CVE-2020-36225
CVE-2020-36226
CVE-2020-36227
CVE-2020-36228
CVE-2020-36229
CVE-2020-36230
CVE-2021-27212
CVE-2021-20193
CVE-2021-23840
CVE-2021-23841
CVE-2020-8625
CVE-2021-20229
CVE-2021-3393
CVE-2019-25013
CVE-2021-3326
CVE-2020-14803
CVE-2020-14792
CVE-2020-14781
CVE-2020-14782
CVE-2020-14797
CVE-2020-14779
CVE-2020-14796
CVE-2020-14798

VxRail Manager: OpenSSL

CVE-2020-1971 OpenSSL
VxRail Node: Dell iDRAC8 Updates
  • VxRail E460
  • VxRail E460F
  • VxRail P470
  • VxRail P470F
  • VxRail V470
  • VxRail V470F
  • VxRail S470
CVE-2021-21510 DSA-2021-041: Dell iDRAC 8 Security Update for a host header injection
VxRail Node: Dell iDRAC9 Updates
  • VxRail E560
  • VxRail E560F
  • VxRail E560N
  • VxRail P570
  • VxRail P570F
  • VxRail V570
  • VxRail V570F
  • VxRail G560
  • VxRail G560/F
  • VxRail S570
  • VxRail P580N
  • VxRail D560
  • VxRail D560F
CVE-2021-21539 DSA-2021-073: Dell iDRAC 9 Security Update for Multiple Vulnerabilities
CVE-2021-21540
CVE-2021-21541
CVE-2021-21542
CVE-2021-21543
CVE-2021-21544
VxRail Node: Dell iDRAC9 Updates
  • VxRail E560
  • VxRail E560F
  • VxRail E560N
  • VxRail P570
  • VxRail P570F
  • VxRail V570
  • VxRail V570F
  • VxRail G560
  • VxRail G560/F
  • VxRail S570
  • VxRail P580N
  • VxRail D560
  • VxRail D560F
CVE-2020-26198

DSA-2020-268: Dell EMC iDRAC9 Reflected XSS Vulnerability

VxRail Node: Dell iDRAC9 Updates 
  • VxRail E560
  • VxRail E560F
  • VxRail E560N
  • VxRail P570
  • VxRail P570F
  • VxRail V570
  • VxRail V570F
  • VxRail G560
  • VxRail G560/F
  • VxRail S570
  • VxRail P580N
  • VxRail D560
  • VxRail D560F
CVE-2021-21538 DSA-2021-082: Dell iDRAC 9 Security Update for Improper Authentication Vulnerability

 



 


Dell Technologies recommends that all customers consider both the CVSS base score and any relevant temporal and environmental scores that may affect the potential severity of a particular security vulnerability.

Affected Products and Remediation

| CVEs Addressed | Product | Affected Versions | Updated Version |
|---|---|---|---|
| See table above | Dell VxRail Appliance | 4.7.x versions before 4.7.530 | 4.7.530 |

Revision History

| Revision | Date | Description |
|---|---|---|
| 1.0 | 2021-05-05 | Initial Release |
| 1.1 | 2021-05-11 | Updated with DSA-2021-082 after embargo date. |
| 1.2 | 2021-06-04 | Added CVE updates for SUSE packages. |
| 1.3 | 2021-08-03 | Updated with VMSA-2021-0014 after embargo date |

Related Information

Affected Products

VxRail, Product Security Information

Article Properties
Article Number: 000186417
Article Type: Dell Security Advisory
Last Modified: 19 Sep 2025