DSA-2021-259: Dell EMC iDRAC Security Update for Multiple Security Vulnerabilities

Sommaire: Dell EMC iDRAC remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Produits touchés et correction

Produits touchés

Cet article s’applique à Cet article ne s’applique pas à Cet article n’est lié à aucun produit spécifique. Toutes les versions de produits ne sont pas identifiées dans cet article.

Consulter d’autres ressources

Impact

Medium

Détails

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2021-36347	Dell EMC iDRAC9 versions before 5.00.20.00 and iDRAC8 versions before 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges may potentially exploit this vulnerability to control process execution and gain access to the iDRAC operating system.	6.2	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L
CVE-2021-36348	Dell EMC iDRAC9 versions before 5.00.20.00 contain an input injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to iDRAC.	5.9	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L
CVE-2021-36346	Dell EMC iDRAC8 versions before 2.82.82.82 contain a denial of service vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to deny access to the iDRAC webserver.	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Third-party Component	CVE	More information
OpenSSL	CVE-2021-3712	See NVD (https://nvd.nist.gov/vuln/detail/CVE-2021-3712) for individual scores for each CVE.

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2021-36347	Dell EMC iDRAC9 versions before 5.00.20.00 and iDRAC8 versions before 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges may potentially exploit this vulnerability to control process execution and gain access to the iDRAC operating system.	6.2	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L
CVE-2021-36348	Dell EMC iDRAC9 versions before 5.00.20.00 contain an input injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to iDRAC.	5.9	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L
CVE-2021-36346	Dell EMC iDRAC8 versions before 2.82.82.82 contain a denial of service vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to deny access to the iDRAC webserver.	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Third-party Component	CVE	More information
OpenSSL	CVE-2021-3712	See NVD (https://nvd.nist.gov/vuln/detail/CVE-2021-3712) for individual scores for each CVE.

Dell Technologies recommande à tous ses clients de tenir compte à la fois du score de base CVSS et de tous les scores temporels et environnementaux pertinents qui pourraient avoir une incidence sur la gravité potentielle associée à une vulnérabilité de sécurité particulière.

Produits touchés et correction

CVEs Addressed	Product	Affected Versions	Updated Versions	Link to Update
CVE-2021-36347	Dell EMC iDRAC8	Versions before 2.82.82.82.	2.82.82.82	https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=wgnhp
CVE-2021-36347	Dell EMC iDRAC9	Versions before 5.00.20.00.	5.00.20.00	https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=19c2m
CVE-2021-36348	Dell EMC iDRAC9	Versions before 5.00.20.00.	5.00.20.00	https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=19c2m
CVE-2021-36346	Dell EMC iDRAC8	Versions before 2.82.82.82.	2.82.82.82	https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=wgnhp
CVE-2021-3712	Dell EMC iDRAC8	Versions before 2.82.82.82.	2.82.82.82	https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=wgnhp
CVE-2021-3712	Dell EMC iDRAC9	Versions before 5.10.00.00.	5.10.00.00	https://www.dell.com/support/home/drivers/driversdetails?driverid=p8hc9

CVEs Addressed	Product	Affected Versions	Updated Versions	Link to Update
CVE-2021-36347	Dell EMC iDRAC8	Versions before 2.82.82.82.	2.82.82.82	https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=wgnhp
CVE-2021-36347	Dell EMC iDRAC9	Versions before 5.00.20.00.	5.00.20.00	https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=19c2m
CVE-2021-36348	Dell EMC iDRAC9	Versions before 5.00.20.00.	5.00.20.00	https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=19c2m
CVE-2021-36346	Dell EMC iDRAC8	Versions before 2.82.82.82.	2.82.82.82	https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=wgnhp
CVE-2021-3712	Dell EMC iDRAC8	Versions before 2.82.82.82.	2.82.82.82	https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=wgnhp
CVE-2021-3712	Dell EMC iDRAC9	Versions before 5.10.00.00.	5.10.00.00	https://www.dell.com/support/home/drivers/driversdetails?driverid=p8hc9

Historique de révision

Revision	Date	Description
1.0	2021-12-16	Initial Release

Reconnaissances

CVE-2021-36346: Dell Technologies would like to thank Ken Pyle from CYBIR for reporting this issue.

Renseignements connexes

Avis de non-responsabilité

Produits touchés

iDRAC8, iDRAC7/8 with Lifecycle Controller Version 2.50.50.50, iDRAC7/8 with Lifecycle Controller Version 2.52.52.52, iDRAC7/8 with Lifecycle Controller Version 2.60.60.60, iDRAC7/8 with Lifecycle Controller Version 2.61.60.60 , iDRAC7/8 with Lifecycle Controller Version 2.62.60.60, iDRAC7/8 with Lifecycle Controller Version 2.63.60.61, iDRAC8 with Lifecycle Controller Version 2.04.02.01, iDRAC8 with Lifecycle Controller Version 2.00.00.00, iDRAC8 with Lifecycle Controller Version 2.02.01.01 ...

Produits

iDRAC9, iDRAC8 with Lifecycle Controller version 2.80.80.80, iDRAC8 with Lifecycle Controller version 2.81.81.81, iDRAC9 - 3.0x Series, iDRAC9 - 3.1x Series, iDRAC9 - 3.2x Series, iDRAC9 - 3.3x Series, iDRAC9 - 3.4x Series, iDRAC9 - 4.xx Series , iDRAC9 - 5.xx Series, Product Security Information ...

Numéro d’article: 000194038

Type d’article: Dell Security Advisory

Dernière modification: 16 déc. 2021

Vérifiez si votre appareil est couvert par les services de soutien.

DSA-2021-259: Dell EMC iDRAC Security Update for Multiple Security Vulnerabilities

Sommaire: Dell EMC iDRAC remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Impact

Détails

Produits touchés et correction

Historique de révision

Reconnaissances

Informations connexes

Avis de non-responsabilité

Produits touchés

Impact

Détails

Produits touchés et correction

Historique de révision

Reconnaissances

Renseignements connexes

Avis de non-responsabilité

Produits touchés

Produits

Propriétés de l’article

Obtenez des réponses à vos questions auprès d’autre utilisateurs de Dell

Services de soutien

Propriétés de l’article

Obtenez des réponses à vos questions auprès d’autre utilisateurs de Dell

Services de soutien

DSA-2021-259: Dell EMC iDRAC Security Update for Multiple Security Vulnerabilities

Sommaire: Dell EMC iDRAC remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

Article détaillé

Impact

Détails

Produits touchés et correction

Historique de révision

Reconnaissances

Renseignements connexes

Avis de non-responsabilité

Produits touchés

Produits

Propriétés de l’article

Obtenez des réponses à vos questions auprès d’autre utilisateurs de Dell

Services de soutien

Propriétés de l’article

Obtenez des réponses à vos questions auprès d’autre utilisateurs de Dell

Services de soutien