PT-2021-14564 · Dell Emc · Dell Emc Integrated System For Microsoft Azure Stack Hub

Published

2021-05-06

Updated

2022-10-24

CVE-2021-21505

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Dell EMC Integrated System for Microsoft Azure Stack Hub versions 1906 through 2011

Description The issue concerns an undocumented default iDRAC account in the system. A remote unauthenticated attacker, with knowledge of the default credentials, could potentially exploit this to log in to the system and gain root privileges.

Recommendations For versions 1906 through 2011, change the default iDRAC account credentials to prevent unauthorized access. As a temporary workaround, consider restricting access to the iDRAC account until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1188CWE-255

Related Identifiers

CVE-2021-21505

Affected Products

Dell Emc Integrated System For Microsoft Azure Stack Hub

CVE-2021-21505

Weakness Enumeration

Related Identifiers

Affected Products

References · 4