Headline
CVE-2021-21505: DSA-2021-020: Dell Integrated System for Microsoft Azure Stack Hub Security Update for an iDRAC Undocumented Account Vulnerability
Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 1906 – 2011, contain an undocumented default iDRAC account. A remote unauthenticated attacker, with the knowledge of the default credentials, could potentially exploit this to log in to the system to gain root privileges.
Impact
High
Details
Description: Dell Integrated System for Microsoft Azure Stack Hub, versions 1906 – 2011, contain an undocumented default iDRAC account. A remote unauthenticated attacker, with the knowledge of the default credentials, may potentially exploit this to log in to the system to gain root privileges.
NOTE: For versions prior to 1906, the account is enabled and documented. For versions after 2011, the account is disabled by default.
CVSS Base Score: 8.0
CVSS Vector String: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Dell Technologies recommends that all customers take into account both the CVSS base score and any relevant temporal and environmental scores that may affect the potential severity of a particular security vulnerability.
Affected Products and Remediation
Product: Dell Integrated System for Microsoft Azure Stack Hub
Affected Version(s): versions 1906 – 2011
Updated Version(s): 2102
Link to Update: Link to Install Guide
We recommend that all users running versions prior to 2102 disable the default account, following the best practices described in Step 1 of page 12 of the Dell Integrated System for Microsoft Azure Stack Hub Patch and Update Installation Guide.
Acknowledgements
Revision: 1.0
Date: 2021-05-04
Description: Initial Release
Related Information
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
06 May 2021