Article Number: 000186422


DSA-2021-098: Dell VxRail Appliance Security Update for Multiple Vulnerabilities

Summary: Dell VxRail Appliance remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Article Content


Impact

Critical

Details

Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String
CVE-2021-21508 | Dell VxRail versions before 7.0.200 contain a Plain-text Password Storage Vulnerability in VxRail Manager. A sys-admin user may exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | 6.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

 

Third-Party Component CVEs More information
VMware ESXi CVE-2021-21994 Severity: High, see VMSA-2021-0014.
CVE-2021-21995

VxRail Manager: SUSE Grub2 and others

CVE-2020-14372 SUSE grub2 UEFI secure boot bypass issues

SUSE updates

 
CVE-2020-25632
CVE-2020-25647
CVE-2020-27749
CVE-2020-27779
CVE-2021-20225
CVE-2021-20233

VxRail Manager: OpenSSL

CVE-2020-1971 OpenSSL
VxRail Node: Dell iDRAC8 Updates 
  • VxRail E460
  • VxRail E460F
  • VxRail P470
  • VxRail P470F
  • VxRail V470
  • VxRail V470F
  • VxRail S470
CVE-2021-21510 DSA-2021-041: Dell iDRAC 8 Security Update for a host header injection.
VxRail Node: Dell iDRAC9 Updates 
  • VxRail E560
  • VxRail E560F
  • VxRail E560N
  • VxRail P570
  • VxRail P570F
  • VxRail V570
  • VxRail V570F
  • VxRail G560
  • VxRail G560/F
  • VxRail S570
  • VxRail P580N
  • VxRail D560
  • VxRail D560F
CVE-2021-21539 DSA-2021-073: Dell iDRAC 9 Security Update for Multiple Vulnerabilities.
CVE-2021-21540
CVE-2021-21541
CVE-2021-21542
CVE-2021-21543
CVE-2021-21544
VxRail Node: Dell iDRAC9 Updates 
  • VxRail E560
  • VxRail E560F
  • VxRail E560N
  • VxRail P570
  • VxRail P570F
  • VxRail V570
  • VxRail V570F
  • VxRail G560
  • VxRail G560/F
  • VxRail S570
  • VxRail P580N
  • VxRail D560
  • VxRail D560F
CVE-2021-21538 DSA-2021-082: Dell iDRAC 9 Security Update for Improper Authentication Vulnerability.
 
VMware: Photon OS CVE-2017-2616 Photon OS 3.0 Security Advisories.
CVE-2018-1000654
CVE-2018-18751
CVE-2019-1010305
CVE-2019-13139
CVE-2019-13509
CVE-2019-19906
CVE-2019-19921
CVE-2019-20795
CVE-2019-20807
CVE-2019-20838
CVE-2020-14155
CVE-2019-5188
CVE-2019-7309
CVE-2020-10543
CVE-2020-10878
CVE-2020-12723
CVE-2020-11984
CVE-2020-11993
CVE-2020-12062
CVE-2020-12243
CVE-2020-13776
CVE-2020-13943
CVE-2020-14342
CVE-2020-15025
CVE-2020-15257
CVE-2020-15358
CVE-2020-1971
CVE-2020-21674
CVE-2020-24659
CVE-2020-24977
CVE-2020-25613
CVE-2020-25694
CVE-2020-25695
CVE-2020-27619
CVE-2020-27673
CVE-2020-27675
CVE-2020-8037
CVE-2020-8284
CVE-2020-8285
CVE-2020-8286
CVE-2020-8623
CVE-2020-8624
CVE-2020-9490
CVE-2020-11984
CVE-2020-11993
     

Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

CVEs Addressed | Product | Affected Versions | Updated Versions
See table above | Dell VxRail Appliance | 7.0.x versions before 7.0.200 | 7.0.200
Revision History

Revision | Date | Description
1.0 | 2021-05-10 | Initial Release
1.1 | 2021-05-11 | Updated with DSA-2021-082 after embargo date.
1.2 | 2021-08-05 | Updated with VMSA-2021-0014 after embargo date.

Related Information

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide


The information in this Dell Technologies Security Advisory should be read and used to assist in avoiding situations that may arise from the problems described herein. Dell Technologies distributes Security Advisories to bring important security information to the attention of users of the affected product(s). Dell Technologies assesses the risk based on an average of risks across a diverse set of installed systems and may not represent the actual risk to your local installation and individual environment. It is recommended that all users determine the applicability of this information to their individual environments and take appropriate actions. The information set forth herein is provided "as is" without warranty of any kind. Dell Technologies expressly disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Dell Technologies, its affiliates or suppliers, be liable for any damages whatsoever arising from or related to the information contained herein or actions that you decide to take based thereon, including any direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell Technologies, its affiliates or suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation shall apply to the extent permissible under law.

Article Properties


Affected Product

VxRail, Product Security Information

Last Published Date

06 Aug 2021

Version

5

Article Type

Dell Security Advisory