
Article Number: 000186417


DSA-2021-090: Dell VxRail Appliance Security Update for Multiple Vulnerabilities

Summary: Dell VxRail Appliance remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Article Content


Impact

Critical

Details

Proprietary Code CVE: CVE-2021-21508
Description: Dell VxRail, versions prior to 4.7.530 contain a Plain-text Password Storage Vulnerability. A sys-admin user may exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account.
CVSS Base Score: 6.7
CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Third-Party Component: VMware ESXi
More information: VMSA-2021-0014
CVEs:
CVE-2021-21994
CVE-2021-21995

Third-Party Component: VxRail Manager: SUSE Grub2 and others
More information: SUSE grub2 UEFI secure boot bypass issues; SUSE updates
CVEs:
CVE-2020-14372
CVE-2020-25632
CVE-2020-25647
CVE-2020-27749
CVE-2020-27779
CVE-2021-20225
CVE-2021-20233
CVE-2019-18348
CVE-2021-23336
CVE-2019-20916
CVE-2021-3177
CVE-2021-27219
CVE-2021-27218
CVE-2021-3348
CVE-2020-25211
CVE-2020-25639
CVE-2020-27835
CVE-2020-29568
CVE-2020-29569
CVE-2021-0342
CVE-2021-20177
CVE-2021-3347
CVE-2020-36221
CVE-2020-36222
CVE-2020-36223
CVE-2020-36224
CVE-2020-36225
CVE-2020-36226
CVE-2020-36227
CVE-2020-36228
CVE-2020-36229
CVE-2020-36230
CVE-2021-27212
CVE-2021-20193
CVE-2021-23840
CVE-2021-23841
CVE-2020-8625
CVE-2021-20229
CVE-2021-3393
CVE-2019-25013
CVE-2021-3326
CVE-2020-14803
CVE-2020-14792
CVE-2020-14781
CVE-2020-14782
CVE-2020-14797
CVE-2020-14779
CVE-2020-14796
CVE-2020-14798

Third-Party Component: VxRail Manager: OpenSSL
More information: OpenSSL
CVEs:
CVE-2020-1971

Third-Party Component: VxRail Node: Dell iDRAC8 Updates
  • VxRail E460
  • VxRail E460F
  • VxRail P470
  • VxRail P470F
  • VxRail V470
  • VxRail V470F
  • VxRail S470
More information: DSA-2021-041: Dell iDRAC 8 Security Update for a host header injection
CVEs:
CVE-2021-21510

Third-Party Component: VxRail Node: Dell iDRAC9 Updates
  • VxRail E560
  • VxRail E560F
  • VxRail E560N
  • VxRail P570
  • VxRail P570F
  • VxRail V570
  • VxRail V570F
  • VxRail G560
  • VxRail G560/F
  • VxRail S570
  • VxRail P580N
  • VxRail D560
  • VxRail D560F
More information: DSA-2021-073: Dell iDRAC 9 Security Update for Multiple Vulnerabilities
CVEs:
CVE-2021-21539
CVE-2021-21540
CVE-2021-21541
CVE-2021-21542
CVE-2021-21543
CVE-2021-21544

Third-Party Component: VxRail Node: Dell iDRAC9 Updates
  • VxRail E560
  • VxRail E560F
  • VxRail E560N
  • VxRail P570
  • VxRail P570F
  • VxRail V570
  • VxRail V570F
  • VxRail G560
  • VxRail G560/F
  • VxRail S570
  • VxRail P580N
  • VxRail D560
  • VxRail D560F
More information: DSA-2020-268: Dell EMC iDRAC9 Reflected XSS Vulnerability
CVEs:
CVE-2020-26198

Third-Party Component: VxRail Node: Dell iDRAC9 Updates
  • VxRail E560
  • VxRail E560F
  • VxRail E560N
  • VxRail P570
  • VxRail P570F
  • VxRail V570
  • VxRail V570F
  • VxRail G560
  • VxRail G560/F
  • VxRail S570
  • VxRail P580N
  • VxRail D560
  • VxRail D560F
More information: DSA-2021-082: Dell iDRAC 9 Security Update for Improper Authentication Vulnerability
CVEs:
CVE-2021-21538

 



 


Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVEs Addressed: See table above
Product: Dell VxRail Appliance
Affected Versions: 4.7.x versions before 4.7.530
Updated Version: 4.7.530

Revision History

1.0  2021-05-05  Initial Release
1.1  2021-05-11  Updated with DSA-2021-082 after embargo date.
1.2  2021-06-04  Added CVE updates for SUSE packages.
1.3  2021-08-03  Updated with VMSA-2021-0014 after embargo date


Article Properties


Affected Product

VxRail, Product Security Information

Last Published Date

04 Aug 2021

Version

6

Article Type

Dell Security Advisory