DSA-2021-098: Dell VxRail Appliance Security Update for Multiple Vulnerabilities

Yhteenveto: Dell VxRail Appliance remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Tämä artikkeli koskee tuotetta Tämä artikkeli ei koske tuotetta Tämä artikkeli ei liity tiettyyn tuotteeseen. Tässä artikkelissa ei yksilöidä kaikkia tuoteversioita.
Tutustu muihin resursseihin

Vaikutus

Critical

Tiedot

Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2021-21508 Dell VxRail versions before 7.0.200 contain a Plain-text Password Storage Vulnerability in VxRail Manager. A sys-admin user may exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

 

Third-Party Component CVEs More information
VMware ESXi CVE-2021-21994 Severity: High, see VMSA-2021-0014.1
CVE-2021-21995

VxRail Manager: SUSE Grub2 and others

 CVE-2020-14372 SUSE grub2 UEFI secure boot bypass issues

SUSE updates

 
CVE-2020-25632
CVE-2020-25647
CVE-2020-27749
CVE-2020-27779
CVE-2021-20225
CVE-2021-20233

VxRail Manager: OpenSSL

 CVE-2020-1971 OpenSSL
CVE-2020-13935
CVE-2020-17527
CVE-2021-24122
CVE-2020-25681
CVE-2020-25682
CVE-2020-25683
CVE-2020-25684
CVE-2020-25685
CVE-2020-25686
CVE-2020-25687
VxRail Node: Dell iDRAC8 Updates 
  • VxRail E460
  • VxRail E460F
  • VxRail P470
  • VxRail P470F
  • VxRail V470
  • VxRail V470F
  • VxRail S470
 CVE-2021-21510 DSA-2021-041: Dell iDRAC 8 Security Update for a host header injection.
VxRail Node: Dell iDRAC9 Updates 
  • VxRail E560
  • VxRail E560F
  • VxRail E560N
  • VxRail P570
  • VxRail P570F
  • VxRail V570
  • VxRail V570F
  • VxRail G560
  • VxRail G560/F
  • VxRail S570
  • VxRail P580N
  • VxRail D560
  • VxRail D560F
 CVE-2021-21539 DSA-2021-073: Dell iDRAC 9 Security Update for Multiple Vulnerabilities.
CVE-2021-21540
CVE-2021-21541
CVE-2021-21542
CVE-2021-21543
CVE-2021-21544
VxRail Node: Dell iDRAC9 Updates 
  • VxRail E560
  • VxRail E560F
  • VxRail E560N
  • VxRail P570
  • VxRail P570F
  • VxRail V570
  • VxRail V570F
  • VxRail G560
  • VxRail G560/F
  • VxRail S570
  • VxRail P580N
  • VxRail D560
  • VxRail D560F
 CVE-2021-21538 DSA-2021-082: Dell iDRAC 9 Security Update for Improper Authentication Vulnerability.
 
VMware: Photon OS CVE-2017-2616 Photon OS 3.0 Security Advisories.
CVE-2018-1000654
CVE-2018-18751
CVE-2019-1010305
CVE-2019-13139
CVE-2019-13509
CVE-2019-19906
CVE-2019-19921
CVE-2019-20795
CVE-2019-20807
CVE-2019-20838
CVE-2020-14155
CVE-2019-5188
CVE-2019-7309
CVE-2020-10543
CVE-2020-10878
CVE-2020-12723
CVE-2020-11984
CVE-2020-11993
CVE-2020-12062
CVE-2020-12243
CVE-2020-13776
CVE-2020-13943
CVE-2020-14342
CVE-2020-15025
CVE-2020-15257
CVE-2020-15358
CVE-2020-1971
CVE-2020-21674
CVE-2020-24659
CVE-2020-24977
CVE-2020-25613
CVE-2020-25694
CVE-2020-25695
CVE-2020-27619
CVE-2020-27673
CVE-2020-27675
CVE-2020-8037
CVE-2020-8284
CVE-2020-8285
CVE-2020-8286
CVE-2020-8623
CVE-2020-8624
CVE-2020-9490
CVE-2020-11984
CVE-2020-11993
     
Proprietary Code CVEs Description CVSS Base Score CVSS Vector String
CVE-2021-21508 Dell VxRail versions before 7.0.200 contain a Plain-text Password Storage Vulnerability in VxRail Manager. A sys-admin user may exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

 

Third-Party Component CVEs More information
VMware ESXi CVE-2021-21994 Severity: High, see VMSA-2021-0014.1
CVE-2021-21995

VxRail Manager: SUSE Grub2 and others

 CVE-2020-14372 SUSE grub2 UEFI secure boot bypass issues

SUSE updates

 
CVE-2020-25632
CVE-2020-25647
CVE-2020-27749
CVE-2020-27779
CVE-2021-20225
CVE-2021-20233

VxRail Manager: OpenSSL

 CVE-2020-1971 OpenSSL
CVE-2020-13935
CVE-2020-17527
CVE-2021-24122
CVE-2020-25681
CVE-2020-25682
CVE-2020-25683
CVE-2020-25684
CVE-2020-25685
CVE-2020-25686
CVE-2020-25687
VxRail Node: Dell iDRAC8 Updates 
  • VxRail E460
  • VxRail E460F
  • VxRail P470
  • VxRail P470F
  • VxRail V470
  • VxRail V470F
  • VxRail S470
 CVE-2021-21510 DSA-2021-041: Dell iDRAC 8 Security Update for a host header injection.
VxRail Node: Dell iDRAC9 Updates 
  • VxRail E560
  • VxRail E560F
  • VxRail E560N
  • VxRail P570
  • VxRail P570F
  • VxRail V570
  • VxRail V570F
  • VxRail G560
  • VxRail G560/F
  • VxRail S570
  • VxRail P580N
  • VxRail D560
  • VxRail D560F
 CVE-2021-21539 DSA-2021-073: Dell iDRAC 9 Security Update for Multiple Vulnerabilities.
CVE-2021-21540
CVE-2021-21541
CVE-2021-21542
CVE-2021-21543
CVE-2021-21544
VxRail Node: Dell iDRAC9 Updates 
  • VxRail E560
  • VxRail E560F
  • VxRail E560N
  • VxRail P570
  • VxRail P570F
  • VxRail V570
  • VxRail V570F
  • VxRail G560
  • VxRail G560/F
  • VxRail S570
  • VxRail P580N
  • VxRail D560
  • VxRail D560F
 CVE-2021-21538 DSA-2021-082: Dell iDRAC 9 Security Update for Improper Authentication Vulnerability.
 
VMware: Photon OS CVE-2017-2616 Photon OS 3.0 Security Advisories.
CVE-2018-1000654
CVE-2018-18751
CVE-2019-1010305
CVE-2019-13139
CVE-2019-13509
CVE-2019-19906
CVE-2019-19921
CVE-2019-20795
CVE-2019-20807
CVE-2019-20838
CVE-2020-14155
CVE-2019-5188
CVE-2019-7309
CVE-2020-10543
CVE-2020-10878
CVE-2020-12723
CVE-2020-11984
CVE-2020-11993
CVE-2020-12062
CVE-2020-12243
CVE-2020-13776
CVE-2020-13943
CVE-2020-14342
CVE-2020-15025
CVE-2020-15257
CVE-2020-15358
CVE-2020-1971
CVE-2020-21674
CVE-2020-24659
CVE-2020-24977
CVE-2020-25613
CVE-2020-25694
CVE-2020-25695
CVE-2020-27619
CVE-2020-27673
CVE-2020-27675
CVE-2020-8037
CVE-2020-8284
CVE-2020-8285
CVE-2020-8286
CVE-2020-8623
CVE-2020-8624
CVE-2020-9490
CVE-2020-11984
CVE-2020-11993
     
Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

Tuotteet, joihin asia vaikuttaa, ja tilanteen korjaaminen

CVEs Addressed Product Affected Versions Updated Versions
See table above Dell VxRail Appliance 7.0.x versions before 7.0.200 7.0.200
CVEs Addressed Product Affected Versions Updated Versions
See table above Dell VxRail Appliance 7.0.x versions before 7.0.200 7.0.200

Versiohistoria

RevisionDateDescription
1.02021-05-10Initial Release
1.12021-05-11Updated with DSA-2021-082 after embargo date.
1.22021-08-05Updated with VMSA-2021-0014 after embargo date.
1.32022-11-22Updated with additional CVEs

Asiaan liittyvät tiedot

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

Vastuuvapauslauseke

Tuotteet, joihin vaikutus kohdistuu

VxRail, Product Security Information
Artikkelin ominaisuudet
Artikkelin numero: 000186422
Artikkelin tyyppi: Dell Security Advisory
Viimeksi muutettu: 19 syysk. 2025
Etsi vastauksia kysymyksiisi muilta Dell-käyttäjiltä
Tukipalvelut
Tarkista, kuuluuko laitteesi tukipalveluiden piiriin.