CVE-2021-36298

Name of the Vulnerable Software and Affected Versions Dell EMC InsightIQ versions prior to 4.1.4

Description The issue is related to the use of risky cryptographic algorithms in the SSH component of Dell EMC InsightIQ. A remote unauthenticated attacker could potentially exploit this, leading to authentication bypass and remote takeover of InsightIQ. This allows an attacker to take complete control of InsightIQ, affecting services provided by SSH.

Recommendations For versions prior to 4.1.4, upgrade to version 4.1.4 or later at the earliest opportunity to resolve the issue. As a temporary workaround, consider restricting access to the SSH component until the upgrade is applied.