
Article Number: 000186422


DSA-2021-098: Dell VxRail Appliance Security Update for Multiple Vulnerabilities

Summary: Dell VxRail Appliance remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Article Content


Impact

Critical

Details

Proprietary Code CVE: CVE-2021-21508
Description: Dell VxRail versions before 7.0.200 contain a Plain-text Password Storage Vulnerability in VxRail Manager. A sys-admin user may exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
CVSS Base Score: 6.7
CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

 

Third-Party Component CVEs More information
VMware ESXi CVE-2021-21994 Severity: High, see VMSA-2021-0014.1
CVE-2021-21995

VxRail Manager: SUSE Grub2 and others

CVE-2020-14372 SUSE grub2 UEFI secure boot bypass issues

SUSE updates

 
CVE-2020-25632
CVE-2020-25647
CVE-2020-27749
CVE-2020-27779
CVE-2021-20225
CVE-2021-20233

VxRail Manager: OpenSSL

CVE-2020-1971 OpenSSL
CVE-2020-13935
CVE-2020-17527
CVE-2021-24122
CVE-2020-25681
CVE-2020-25682
CVE-2020-25683
CVE-2020-25684
CVE-2020-25685
CVE-2020-25686
CVE-2020-25687
VxRail Node: Dell iDRAC8 Updates 
  • VxRail E460
  • VxRail E460F
  • VxRail P470
  • VxRail P470F
  • VxRail V470
  • VxRail V470F
  • VxRail S470
CVE-2021-21510 DSA-2021-041: Dell iDRAC 8 Security Update for a host header injection.
VxRail Node: Dell iDRAC9 Updates 
  • VxRail E560
  • VxRail E560F
  • VxRail E560N
  • VxRail P570
  • VxRail P570F
  • VxRail V570
  • VxRail V570F
  • VxRail G560
  • VxRail G560/F
  • VxRail S570
  • VxRail P580N
  • VxRail D560
  • VxRail D560F
CVE-2021-21539 DSA-2021-073: Dell iDRAC 9 Security Update for Multiple Vulnerabilities.
CVE-2021-21540
CVE-2021-21541
CVE-2021-21542
CVE-2021-21543
CVE-2021-21544
VxRail Node: Dell iDRAC9 Updates 
  • VxRail E560
  • VxRail E560F
  • VxRail E560N
  • VxRail P570
  • VxRail P570F
  • VxRail V570
  • VxRail V570F
  • VxRail G560
  • VxRail G560/F
  • VxRail S570
  • VxRail P580N
  • VxRail D560
  • VxRail D560F
CVE-2021-21538 DSA-2021-082: Dell iDRAC 9 Security Update for Improper Authentication Vulnerability.
 
VMware: Photon OS CVE-2017-2616 Photon OS 3.0 Security Advisories.
CVE-2018-1000654
CVE-2018-18751
CVE-2019-1010305
CVE-2019-13139
CVE-2019-13509
CVE-2019-19906
CVE-2019-19921
CVE-2019-20795
CVE-2019-20807
CVE-2019-20838
CVE-2020-14155
CVE-2019-5188
CVE-2019-7309
CVE-2020-10543
CVE-2020-10878
CVE-2020-12723
CVE-2020-11984
CVE-2020-11993
CVE-2020-12062
CVE-2020-12243
CVE-2020-13776
CVE-2020-13943
CVE-2020-14342
CVE-2020-15025
CVE-2020-15257
CVE-2020-15358
CVE-2020-1971
CVE-2020-21674
CVE-2020-24659
CVE-2020-24977
CVE-2020-25613
CVE-2020-25694
CVE-2020-25695
CVE-2020-27619
CVE-2020-27673
CVE-2020-27675
CVE-2020-8037
CVE-2020-8284
CVE-2020-8285
CVE-2020-8286
CVE-2020-8623
CVE-2020-8624
CVE-2020-9490
CVE-2020-11984
CVE-2020-11993
     
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVEs Addressed: See table above
Product: Dell VxRail Appliance
Affected Versions: 7.0.x versions before 7.0.200
Updated Versions: 7.0.200

Revision History

Revision  Date        Description
1.0       2021-05-10  Initial Release
1.1       2021-05-11  Updated with DSA-2021-082 after embargo date.
1.2       2021-08-05  Updated with VMSA-2021-0014 after embargo date.
1.3       2022-11-22  Updated with additional CVEs


Article Properties


Affected Product

VxRail, Product Security Information

Last Published Date

22 Nov 2022

Version

6

Article Type

Dell Security Advisory