DSA-2021-259: Dell EMC iDRAC Security Update for Multiple Security Vulnerabilities
概要: Dell EMC iDRAC remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
この記事は次に適用されます:
この記事は次には適用されません:
この記事は、特定の製品に関連付けられていません。
すべての製品パージョンがこの記事に記載されているわけではありません。
影響
Medium
詳細
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-36347 | Dell EMC iDRAC9 versions before 5.00.20.00 and iDRAC8 versions before 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges may potentially exploit this vulnerability to control process execution and gain access to the iDRAC operating system. | 6.2 | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L |
| CVE-2021-36348 | Dell EMC iDRAC9 versions before 5.00.20.00 contain an input injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to iDRAC. | 5.9 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L |
| CVE-2021-36346 | Dell EMC iDRAC8 versions before 2.82.82.82 contain a denial of service vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to deny access to the iDRAC webserver. | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| Third-party Component |
CVE | More information |
| OpenSSL | CVE-2021-3712 | See NVD (https://nvd.nist.gov/vuln/detail/CVE-2021-3712) for individual scores for each CVE. |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-36347 | Dell EMC iDRAC9 versions before 5.00.20.00 and iDRAC8 versions before 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges may potentially exploit this vulnerability to control process execution and gain access to the iDRAC operating system. | 6.2 | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L |
| CVE-2021-36348 | Dell EMC iDRAC9 versions before 5.00.20.00 contain an input injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to iDRAC. | 5.9 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L |
| CVE-2021-36346 | Dell EMC iDRAC8 versions before 2.82.82.82 contain a denial of service vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to deny access to the iDRAC webserver. | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| Third-party Component |
CVE | More information |
| OpenSSL | CVE-2021-3712 | See NVD (https://nvd.nist.gov/vuln/detail/CVE-2021-3712) for individual scores for each CVE. |
影響を受ける製品と修復
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-36347 | Dell EMC iDRAC8 | Versions before 2.82.82.82. | 2.82.82.82 | https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=wgnhp |
| Dell EMC iDRAC9 | Versions before 5.00.20.00. | 5.00.20.00 | https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=19c2m | |
| CVE-2021-36348 | Dell EMC iDRAC9 |
Versions before 5.00.20.00. | 5.00.20.00 | https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=19c2m |
| CVE-2021-36346 | Dell EMC iDRAC8 | Versions before 2.82.82.82. | 2.82.82.82 | https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=wgnhp |
| CVE-2021-3712 | Dell EMC iDRAC8 | Versions before 2.82.82.82. | 2.82.82.82 |
https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=wgnhp |
| Dell EMC iDRAC9 | Versions before 5.10.00.00. | 5.10.00.00 | https://www.dell.com/support/home/drivers/driversdetails?driverid=p8hc9 |
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-36347 | Dell EMC iDRAC8 | Versions before 2.82.82.82. | 2.82.82.82 | https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=wgnhp |
| Dell EMC iDRAC9 | Versions before 5.00.20.00. | 5.00.20.00 | https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=19c2m | |
| CVE-2021-36348 | Dell EMC iDRAC9 |
Versions before 5.00.20.00. | 5.00.20.00 | https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=19c2m |
| CVE-2021-36346 | Dell EMC iDRAC8 | Versions before 2.82.82.82. | 2.82.82.82 | https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=wgnhp |
| CVE-2021-3712 | Dell EMC iDRAC8 | Versions before 2.82.82.82. | 2.82.82.82 |
https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=wgnhp |
| Dell EMC iDRAC9 | Versions before 5.10.00.00. | 5.10.00.00 | https://www.dell.com/support/home/drivers/driversdetails?driverid=p8hc9 |
変更履歴
| Revision | Date | Description |
| 1.0 | 2021-12-16 | Initial Release |
確認
CVE-2021-36346: Dell Technologies would like to thank Ken Pyle from CYBIR for reporting this issue.
関連情報
法的免責事項
対象製品
iDRAC8, iDRAC7/8 with Lifecycle Controller Version 2.50.50.50, iDRAC7/8 with Lifecycle Controller Version 2.52.52.52, iDRAC7/8 with Lifecycle Controller Version 2.60.60.60, iDRAC7/8 with Lifecycle Controller Version 2.61.60.60
, iDRAC7/8 with Lifecycle Controller Version 2.62.60.60, iDRAC7/8 with Lifecycle Controller Version 2.63.60.61, iDRAC8 with Lifecycle Controller Version 2.04.02.01, iDRAC8 with Lifecycle Controller Version 2.00.00.00, iDRAC8 with Lifecycle Controller Version 2.02.01.01
...
製品
iDRAC9, iDRAC8 with Lifecycle Controller version 2.80.80.80, iDRAC8 with Lifecycle Controller version 2.81.81.81, iDRAC9 - 3.0x Series, iDRAC9 - 3.1x Series, iDRAC9 - 3.2x Series, iDRAC9 - 3.3x Series, iDRAC9 - 3.4x Series, iDRAC9 - 4.xx Series
, iDRAC9 - 5.xx Series, Product Security Information
...
文書のプロパティ
文書番号: 000194038
文書の種類: Dell Security Advisory
最終更新: 16 12月 2021
質問に対する他のDellユーザーからの回答を見つける
サポート サービス
お使いのデバイスがサポート サービスの対象かどうかを確認してください。