DSA-2021-259: Dell EMC iDRAC Security Update for Multiple Security Vulnerabilities
Summary: Dell EMC iDRAC remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.
Impact
Medium
Details
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2021-36347 | Dell EMC iDRAC9 versions before 5.00.20.00 and iDRAC8 versions before 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges may potentially exploit this vulnerability to control process execution and gain access to the iDRAC operating system. | 6.2 | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L |
| CVE-2021-36348 | Dell EMC iDRAC9 versions before 5.00.20.00 contain an input injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to iDRAC. | 5.9 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L |
| CVE-2021-36346 | Dell EMC iDRAC8 versions before 2.82.82.82 contain a denial of service vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to deny access to the iDRAC webserver. | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |

| Third-party Component | CVE | More information |
|---|---|---|
| OpenSSL | CVE-2021-3712 | See NVD (https://nvd.nist.gov/vuln/detail/CVE-2021-3712) for individual scores for each CVE. |
Affected Products and Remediation
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
|---|---|---|---|---|
| CVE-2021-36347 | Dell EMC iDRAC8 | Versions before 2.82.82.82. | 2.82.82.82 | https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=wgnhp |
| CVE-2021-36347 | Dell EMC iDRAC9 | Versions before 5.00.20.00. | 5.00.20.00 | https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=19c2m |
| CVE-2021-36348 | Dell EMC iDRAC9 | Versions before 5.00.20.00. | 5.00.20.00 | https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=19c2m |
| CVE-2021-36346 | Dell EMC iDRAC8 | Versions before 2.82.82.82. | 2.82.82.82 | https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=wgnhp |
| CVE-2021-3712 | Dell EMC iDRAC8 | Versions before 2.82.82.82. | 2.82.82.82 | https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=wgnhp |
| CVE-2021-3712 | Dell EMC iDRAC9 | Versions before 5.10.00.00. | 5.10.00.00 | https://www.dell.com/support/home/drivers/driversdetails?driverid=p8hc9 |
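The remediation table has one detail that is easy to miss when triaging an estate: on iDRAC9 the OpenSSL fix (CVE-2021-3712) requires 5.10.00.00, a later release than the 5.00.20.00 that closes the three Dell-proprietary CVEs, so a controller that is "patched for this advisory" at 5.00.20.00 still carries one open CVE. The following Python is an added example, not Dell tooling, that maps a firmware inventory to the CVEs from this advisory that still apply; the fixed-version thresholds are copied from the table above, while the hostnames and inventory versions are constructed. It compares versions numerically rather than as strings, which matters for dotted firmware versions.

```python
"""Map an iDRAC firmware inventory to the CVEs in DSA-2021-259 that still apply.

Added example; not Dell's tooling. The fixed-version thresholds are copied
from the advisory's remediation table; hostnames and versions are constructed.
"""
from typing import Dict, List, Tuple

# Minimum fixed version per product line, per CVE, as listed in the advisory.
# The OpenSSL fix (CVE-2021-3712) on iDRAC9 needs 5.10.00.00, a later release
# than the 5.00.20.00 that closes the Dell-proprietary CVEs.
ADVISORY_FIXED_VERSIONS: Dict[str, Dict[str, str]] = {
    "CVE-2021-36347": {"iDRAC8": "2.82.82.82", "iDRAC9": "5.00.20.00"},
    "CVE-2021-36348": {"iDRAC9": "5.00.20.00"},
    "CVE-2021-36346": {"iDRAC8": "2.82.82.82"},
    "CVE-2021-3712":  {"iDRAC8": "2.82.82.82", "iDRAC9": "5.10.00.00"},
}


def parse_version(version: str, width: int = 4) -> Tuple[int, ...]:
    """Turn '5.00.20.00' into (5, 0, 20, 0) so versions compare numerically.

    Plain string comparison is wrong here: '5.9.0.0' sorts after '5.10.0.0'
    as text but is the older release. Short forms such as '5.10' are padded
    with zeros so they compare as '5.10.00.00'.
    """
    parts = [int(p) for p in version.strip().split(".")]
    if not parts or len(parts) > width:
        raise ValueError(f"unexpected version format: {version!r}")
    return tuple(parts + [0] * (width - len(parts)))


def is_vulnerable(product: str, version: str, cve: str) -> bool:
    """True if `product` at `version` is below the advisory's fix for `cve`."""
    fixed = ADVISORY_FIXED_VERSIONS[cve].get(product)
    if fixed is None:  # the CVE is not listed for this product line
        return False
    return parse_version(version) < parse_version(fixed)


def outstanding_cves(product: str, version: str) -> List[str]:
    """All CVEs from the advisory still open for one controller, sorted by id."""
    return sorted(cve for cve in ADVISORY_FIXED_VERSIONS
                  if is_vulnerable(product, version, cve))


def assess_inventory(inventory: List[Tuple[str, str, str]]) -> Dict[str, List[str]]:
    """Inventory rows are (hostname, product line, firmware version)."""
    return {host: outstanding_cves(product, version)
            for host, product, version in inventory}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("bmc-r740-01", "iDRAC9", "4.40.10.00"),  # 4.xx series: all iDRAC9 CVEs open
    ("bmc-r740-02", "iDRAC9", "5.00.20.00"),  # Dell CVEs fixed, OpenSSL CVE still open
    ("bmc-r740-03", "iDRAC9", "5.10.00.00"),  # fully remediated
    ("bmc-r730-01", "iDRAC8", "2.81.81.81"),  # all iDRAC8 CVEs open
    ("bmc-r730-02", "iDRAC8", "2.82.82.82"),  # fully remediated
]

if __name__ == "__main__":
    for host, cves in assess_inventory(SAMPLE_INVENTORY).items():
        status = ", ".join(cves) if cves else "no outstanding CVEs from DSA-2021-259"
        print(f"{host}: {status}")
```

Feed it whatever your inventory source reports as the firmware version string; the product line is the only other input it needs, and a product line the advisory does not list for a CVE is treated as not affected by that CVE rather than guessed at.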
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2021-12-16 | Initial Release |
Acknowledgements
CVE-2021-36346: Dell Technologies would like to thank Ken Pyle from CYBIR for reporting this issue.
Related Information
Legal Disclaimer
Affected Products
iDRAC8, iDRAC7/8 with Lifecycle Controller Version 2.50.50.50, iDRAC7/8 with Lifecycle Controller Version 2.52.52.52, iDRAC7/8 with Lifecycle Controller Version 2.60.60.60, iDRAC7/8 with Lifecycle Controller Version 2.61.60.60, iDRAC7/8 with Lifecycle Controller Version 2.62.60.60, iDRAC7/8 with Lifecycle Controller Version 2.63.60.61, iDRAC8 with Lifecycle Controller Version 2.04.02.01, iDRAC8 with Lifecycle Controller Version 2.00.00.00, iDRAC8 with Lifecycle Controller Version 2.02.01.01
...
Products
iDRAC9, iDRAC8 with Lifecycle Controller version 2.80.80.80, iDRAC8 with Lifecycle Controller version 2.81.81.81, iDRAC9 - 3.0x Series, iDRAC9 - 3.1x Series, iDRAC9 - 3.2x Series, iDRAC9 - 3.3x Series, iDRAC9 - 3.4x Series, iDRAC9 - 4.xx Series, iDRAC9 - 5.xx Series, Product Security Information
...
Article Properties
Article Number: 000194038
Article Type: Dell Security Advisory
Last Modified: 16 Dec 2021