DSA-2021-041: Dell iDRAC 8 Security Update for a host header injection vulnerability.

摘要: DSA-2021-041: Dell iDRAC 8 Security Update for a host header injection vulnerability.

本文适用于 本文不适用于 本文并非针对某种特定的产品。 本文并非包含所有产品版本。
查看其他资源

影响

Medium

详情

 
Proprietary Code CVE(s) Description CVSS Base Score CVSS Vector String
CVE-2021-21510 Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability.  A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web-cache or trigger redirections.   6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
 
 
Proprietary Code CVE(s) Description CVSS Base Score CVSS Vector String
CVE-2021-21510 Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability.  A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web-cache or trigger redirections.   6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
 
Dell Technologies 建议所有客户考虑 CVSS 基本分数以及任何相关的时间和环境分数,这可能会影响与特定安全漏洞相关的潜在严重程度。

受影响的产品和补救措施

 
Product Affected Version(s) Updated Version(s) CVE Link to Update
iDRAC8 Versions prior to 2.75.100.75 Dell iDRAC8 2.75.100.75 CVE-2021-21510 Customers can download software, including the latest release of iDRAC firmware, from the Dell Support site at https://www.dell.com/support/home/

Customers can find the iDRAC documentation from the Dell EMC Support site at www.dell.com/idracmanuals
 
 

 
Product Affected Version(s) Updated Version(s) CVE Link to Update
iDRAC8 Versions prior to 2.75.100.75 Dell iDRAC8 2.75.100.75 CVE-2021-21510 Customers can download software, including the latest release of iDRAC firmware, from the Dell Support site at https://www.dell.com/support/home/

Customers can find the iDRAC documentation from the Dell EMC Support site at www.dell.com/idracmanuals
 
 

修订历史记录

 

RevisionDateDescription
1.02021-03-04Initial Release

确认

CVE-2021-21510: Dell would like to thank Ken Pyle from CYBIR for reporting this vulnerability.

相关信息

Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide

法律免责声明

受影响的产品

iDRAC8, iDRAC8 with Lifecycle Controller Version 2.12.12.12, iDRAC8 with Lifecycle Controller Version 2.14.14.12, iDRAC8 with Lifecycle Controller Version 2.17.17.13, iDRAC8 with Lifecycle Controller Version 2.18.17.13 , iDRAC8 with Lifecycle Controller Version 2.30.119.30, iDRAC8 with Lifecycle Controller Version 2.35.35.35, iDRAC8 with Lifecycle Controller Version 2.42.110.40, iDRAC8 with Lifecycle Controller Version 2.45.45.40, iDRAC8 with Lifecycle Controller Version 2.55.55.50, iDRAC8 with Lifecycle Controller version 2.70.70.70, iDRAC8 with Lifecycle Controller version 2.75.75.75, iDRAC8 with Lifecycle Controller Version 2.04.02.01, iDRAC8 with Lifecycle Controller Version 2.05.05.05, iDRAC8 with Lifecycle Controller Version 2.23.23.21, iDRAC8 with Lifecycle Controller Version 2.00.00.00, iDRAC8 with Lifecycle Controller Version 2.02.01.01, Product Security Information ...
文章属性
文章编号: 000183758
文章类型: Dell Security Advisory
上次修改时间: 23 11月 2021
从其他戴尔用户那里查找问题的答案
支持服务
检查您的设备是否在支持服务涵盖的范围内。