DSA-2021-098: Dell VxRail Appliance Security Update for Multiple Vulnerabilities

Summary: Dell VxRail Appliance remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.


Impact

Critical

Details

Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String
CVE-2021-21508 | Dell VxRail versions before 7.0.200 contain a Plain-text Password Storage Vulnerability in VxRail Manager. A sys-admin user may exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | 6.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

 

Third-Party Component CVEs More information
VMware ESXi CVE-2021-21994 Severity: High, see VMSA-2021-0014.1
CVE-2021-21995

VxRail Manager: SUSE Grub2 and others

CVE-2020-14372 SUSE grub2 UEFI secure boot bypass issues

SUSE updates

 
CVE-2020-25632
CVE-2020-25647
CVE-2020-27749
CVE-2020-27779
CVE-2021-20225
CVE-2021-20233

VxRail Manager: OpenSSL

CVE-2020-1971 OpenSSL
CVE-2020-13935
CVE-2020-17527
CVE-2021-24122
CVE-2020-25681
CVE-2020-25682
CVE-2020-25683
CVE-2020-25684
CVE-2020-25685
CVE-2020-25686
CVE-2020-25687
VxRail Node: Dell iDRAC8 Updates 
  • VxRail E460
  • VxRail E460F
  • VxRail P470
  • VxRail P470F
  • VxRail V470
  • VxRail V470F
  • VxRail S470
CVE-2021-21510 DSA-2021-041: Dell iDRAC 8 Security Update for a host header injection.
VxRail Node: Dell iDRAC9 Updates 
  • VxRail E560
  • VxRail E560F
  • VxRail E560N
  • VxRail P570
  • VxRail P570F
  • VxRail V570
  • VxRail V570F
  • VxRail G560
  • VxRail G560/F
  • VxRail S570
  • VxRail P580N
  • VxRail D560
  • VxRail D560F
CVE-2021-21539 DSA-2021-073: Dell iDRAC 9 Security Update for Multiple Vulnerabilities.
CVE-2021-21540
CVE-2021-21541
CVE-2021-21542
CVE-2021-21543
CVE-2021-21544
VxRail Node: Dell iDRAC9 Updates 
  • VxRail E560
  • VxRail E560F
  • VxRail E560N
  • VxRail P570
  • VxRail P570F
  • VxRail V570
  • VxRail V570F
  • VxRail G560
  • VxRail G560/F
  • VxRail S570
  • VxRail P580N
  • VxRail D560
  • VxRail D560F
CVE-2021-21538 DSA-2021-082: Dell iDRAC 9 Security Update for Improper Authentication Vulnerability.
 
VMware: Photon OS CVE-2017-2616 Photon OS 3.0 Security Advisories.
CVE-2018-1000654
CVE-2018-18751
CVE-2019-1010305
CVE-2019-13139
CVE-2019-13509
CVE-2019-19906
CVE-2019-19921
CVE-2019-20795
CVE-2019-20807
CVE-2019-20838
CVE-2020-14155
CVE-2019-5188
CVE-2019-7309
CVE-2020-10543
CVE-2020-10878
CVE-2020-12723
CVE-2020-11984
CVE-2020-11993
CVE-2020-12062
CVE-2020-12243
CVE-2020-13776
CVE-2020-13943
CVE-2020-14342
CVE-2020-15025
CVE-2020-15257
CVE-2020-15358
CVE-2020-1971
CVE-2020-21674
CVE-2020-24659
CVE-2020-24977
CVE-2020-25613
CVE-2020-25694
CVE-2020-25695
CVE-2020-27619
CVE-2020-27673
CVE-2020-27675
CVE-2020-8037
CVE-2020-8284
CVE-2020-8285
CVE-2020-8286
CVE-2020-8623
CVE-2020-8624
CVE-2020-9490
CVE-2020-11984
CVE-2020-11993
     
Dell Technologies recommends that all customers take into account both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity of the specific security vulnerabilities.

Affected Products and Remediation

CVEs Addressed | Product | Affected Versions | Updated Versions
See table above | Dell VxRail Appliance | 7.0.x versions before 7.0.200 | 7.0.200

Revision History

Revision | Date | Description
1.0 | 2021-05-10 | Initial Release
1.1 | 2021-05-11 | Updated with DSA-2021-082 after embargo date.
1.2 | 2021-08-05 | Updated with VMSA-2021-0014 after embargo date.
1.3 | 2022-11-22 | Updated with additional CVEs

Related Information

Affected Products

VxRail, Product Security Information
Article Properties
Article Number: 000186422
Article Type: Dell Security Advisory
Last Modified: 19 Sep 2025