DSA-2021-259: Dell EMC iDRAC Security Update for Multiple Security Vulnerabilities
摘要: Dell EMC iDRAC remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
本文适用于
本文不适用于
本文并非针对某种特定的产品。
本文并非包含所有产品版本。
影响
Medium
详情
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-36347 | Dell EMC iDRAC9 versions before 5.00.20.00 and iDRAC8 versions before 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges may potentially exploit this vulnerability to control process execution and gain access to the iDRAC operating system. | 6.2 | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L |
| CVE-2021-36348 | Dell EMC iDRAC9 versions before 5.00.20.00 contain an input injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to iDRAC. | 5.9 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L |
| CVE-2021-36346 | Dell EMC iDRAC8 versions before 2.82.82.82 contain a denial of service vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to deny access to the iDRAC webserver. | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| Third-party Component |
CVE | More information |
| OpenSSL | CVE-2021-3712 | See NVD (https://nvd.nist.gov/vuln/detail/CVE-2021-3712) for individual scores for each CVE. |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-36347 | Dell EMC iDRAC9 versions before 5.00.20.00 and iDRAC8 versions before 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges may potentially exploit this vulnerability to control process execution and gain access to the iDRAC operating system. | 6.2 | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L |
| CVE-2021-36348 | Dell EMC iDRAC9 versions before 5.00.20.00 contain an input injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to iDRAC. | 5.9 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L |
| CVE-2021-36346 | Dell EMC iDRAC8 versions before 2.82.82.82 contain a denial of service vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to deny access to the iDRAC webserver. | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| Third-party Component |
CVE | More information |
| OpenSSL | CVE-2021-3712 | See NVD (https://nvd.nist.gov/vuln/detail/CVE-2021-3712) for individual scores for each CVE. |
受影响的产品和补救措施
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-36347 | Dell EMC iDRAC8 | Versions before 2.82.82.82. | 2.82.82.82 | https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=wgnhp |
| Dell EMC iDRAC9 | Versions before 5.00.20.00. | 5.00.20.00 | https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=19c2m | |
| CVE-2021-36348 | Dell EMC iDRAC9 |
Versions before 5.00.20.00. | 5.00.20.00 | https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=19c2m |
| CVE-2021-36346 | Dell EMC iDRAC8 | Versions before 2.82.82.82. | 2.82.82.82 | https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=wgnhp |
| CVE-2021-3712 | Dell EMC iDRAC8 | Versions before 2.82.82.82. | 2.82.82.82 |
https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=wgnhp |
| Dell EMC iDRAC9 | Versions before 5.10.00.00. | 5.10.00.00 | https://www.dell.com/support/home/drivers/driversdetails?driverid=p8hc9 |
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-36347 | Dell EMC iDRAC8 | Versions before 2.82.82.82. | 2.82.82.82 | https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=wgnhp |
| Dell EMC iDRAC9 | Versions before 5.00.20.00. | 5.00.20.00 | https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=19c2m | |
| CVE-2021-36348 | Dell EMC iDRAC9 |
Versions before 5.00.20.00. | 5.00.20.00 | https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=19c2m |
| CVE-2021-36346 | Dell EMC iDRAC8 | Versions before 2.82.82.82. | 2.82.82.82 | https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=wgnhp |
| CVE-2021-3712 | Dell EMC iDRAC8 | Versions before 2.82.82.82. | 2.82.82.82 |
https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=wgnhp |
| Dell EMC iDRAC9 | Versions before 5.10.00.00. | 5.10.00.00 | https://www.dell.com/support/home/drivers/driversdetails?driverid=p8hc9 |
修订历史记录
| Revision | Date | Description |
| 1.0 | 2021-12-16 | Initial Release |
确认
CVE-2021-36346: Dell Technologies would like to thank Ken Pyle from CYBIR for reporting this issue.
相关信息
法律免责声明
受影响的产品
iDRAC8, iDRAC7/8 with Lifecycle Controller Version 2.50.50.50, iDRAC7/8 with Lifecycle Controller Version 2.52.52.52, iDRAC7/8 with Lifecycle Controller Version 2.60.60.60, iDRAC7/8 with Lifecycle Controller Version 2.61.60.60
, iDRAC7/8 with Lifecycle Controller Version 2.62.60.60, iDRAC7/8 with Lifecycle Controller Version 2.63.60.61, iDRAC8 with Lifecycle Controller Version 2.04.02.01, iDRAC8 with Lifecycle Controller Version 2.00.00.00, iDRAC8 with Lifecycle Controller Version 2.02.01.01
...
产品
iDRAC9, iDRAC8 with Lifecycle Controller version 2.80.80.80, iDRAC8 with Lifecycle Controller version 2.81.81.81, iDRAC9 - 3.0x Series, iDRAC9 - 3.1x Series, iDRAC9 - 3.2x Series, iDRAC9 - 3.3x Series, iDRAC9 - 3.4x Series, iDRAC9 - 4.xx Series
, iDRAC9 - 5.xx Series, Product Security Information
...
文章属性
文章编号: 000194038
文章类型: Dell Security Advisory
上次修改时间: 16 12月 2021
从其他戴尔用户那里查找问题的答案
支持服务
检查您的设备是否在支持服务涵盖的范围内。