Impact
Critical
Details
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.
Product |
Affected Versions |
Updated Versions |
Link to Update |
Dell Integrated Data Protection Appliance |
2.7.2, 2.7.1, 2.7.0, 2.6.x, 2.5, 2.4.x, 2.3.x, and 2.2 |
Patch Pending |
|
NOTE: IDPA disables VNC by default and is not vulnerable by default. This vulnerability impacts only 14G based IDPA systems that run on iDRAC9 and have enabled VNC. See workaround for steps on disabling VNC.
This DSA for CVE-2021-36299 is not cumulative and does not contain fixes to all previous security fixes mentioned in previously published DSAs. Sequence does not matter for applying this DSA. You can apply the workaround present in this DSA before or after applying any previous DSAs.
Product |
Affected Versions |
Updated Versions |
Link to Update |
Dell Integrated Data Protection Appliance |
2.7.2, 2.7.1, 2.7.0, 2.6.x, 2.5, 2.4.x, 2.3.x, and 2.2 |
Patch Pending |
|
NOTE: IDPA disables VNC by default and is not vulnerable by default. This vulnerability impacts only 14G based IDPA systems that run on iDRAC9 and have enabled VNC. See workaround for steps on disabling VNC.
This DSA for CVE-2021-36299 is not cumulative and does not contain fixes to all previous security fixes mentioned in previously published DSAs. Sequence does not matter for applying this DSA. You can apply the workaround present in this DSA before or after applying any previous DSAs.
Workarounds & Mitigations
Steps:
- Open a browser software, enter the IP address of your iDRAC interface, and access the administrative web interface.
- On the prompt screen, enter the administrative login information.
- After a successful login, the administrative menu is displayed.
- Access the Configuration menu, and choose Virtual Console option.
- At the top of the screen, go to VNC Server panel.
- Ensure that Enable VNC Server option is in Disabled state as shown in the screenshot below.
- If it is not Disabled, choose Disabled, Save, and Exit.
Figure 1: Screenshot of Disable VNC Server
Revision History
Revision | Date | Description |
1.0 | 2022-May-24 | Initial Release |
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
Affected Products
PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software, Product Security Information