DSA-2022-146: Dell Integrated Data Protection Appliance (PowerProtect DP Series) Security Update for iDRAC Component Vulnerability
Summary: Dell EMC Integrated Data Protection Appliance (PowerProtect DP Series) remediation is available for iDRAC that may be exploited by malicious users to compromise the affected system.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Impact
Critical
Details
| Component | CVE | More information |
| iDRAC | CVE-2021-36299 | See Dell article 199267, DSA-2022-068: Dell iDRAC9 Security Update for an Improper Authentication Vulnerability |
| Component | CVE | More information |
| iDRAC | CVE-2021-36299 | See Dell article 199267, DSA-2022-068: Dell iDRAC9 Security Update for an Improper Authentication Vulnerability |
Affected Products & Remediation
| Product | Affected Versions | Updated Versions | Link to Update |
| Dell Integrated Data Protection Appliance | 2.7.2, 2.7.1, 2.7.0, 2.6.x, 2.5, 2.4.x, 2.3.x, and 2.2 | Patch Pending | |
NOTE: IDPA disables VNC by default and is not vulnerable by default. This vulnerability impacts only 14G based IDPA systems that run on iDRAC9 and have enabled VNC. See workaround for steps on disabling VNC.
This DSA for CVE-2021-36299 is not cumulative and does not contain fixes to all previous security fixes mentioned in previously published DSAs. Sequence does not matter for applying this DSA. You can apply the workaround present in this DSA before or after applying any previous DSAs.
| Product | Affected Versions | Updated Versions | Link to Update |
| Dell Integrated Data Protection Appliance | 2.7.2, 2.7.1, 2.7.0, 2.6.x, 2.5, 2.4.x, 2.3.x, and 2.2 | Patch Pending | |
NOTE: IDPA disables VNC by default and is not vulnerable by default. This vulnerability impacts only 14G based IDPA systems that run on iDRAC9 and have enabled VNC. See workaround for steps on disabling VNC.
This DSA for CVE-2021-36299 is not cumulative and does not contain fixes to all previous security fixes mentioned in previously published DSAs. Sequence does not matter for applying this DSA. You can apply the workaround present in this DSA before or after applying any previous DSAs.
Workarounds & Mitigations
Steps:
- Open a browser software, enter the IP address of your iDRAC interface, and access the administrative web interface.
- On the prompt screen, enter the administrative login information.
- After a successful login, the administrative menu is displayed.
- Access the Configuration menu, and choose Virtual Console option.
- At the top of the screen, go to VNC Server panel.
- Ensure that Enable VNC Server option is in Disabled state as shown in the screenshot below.
- If it is not Disabled, choose Disabled, Save, and Exit.
Figure 1: Screenshot of Disable VNC Server
Revision History
| Revision | Date | Description |
| 1.0 | 2022-May-24 | Initial Release |
Related Information
Legal Disclaimer
Affected Products
PowerProtect Data Protection Software, Integrated Data Protection Appliance Family, PowerProtect Data Protection Hardware, Integrated Data Protection Appliance Software, Product Security InformationArticle Properties
Article Number: 000200050
Article Type: Dell Security Advisory
Last Modified: 28 Jun 2023
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.