Platform
dell
Component
dell-emc-integrated-system-for-microsoft-azure-stack-hub
Fixed in
Dell EMC 2204
CVE-2021-36302 represents a critical privilege escalation vulnerability affecting Dell EMC Integrated System for Microsoft Azure Stack Hub. Successful exploitation allows a remote, malicious user with standard-level Just Enough Administration (JEA) credentials to elevate their privileges and potentially gain complete control over the system. This vulnerability impacts versions up to and including Dell EMC 2204, with a fix available in Dell EMC 2204.
The impact of CVE-2021-36302 is severe due to the potential for complete system takeover. An attacker exploiting this vulnerability could gain root or administrator-level access, enabling them to modify system configurations, steal sensitive data, install malware, or disrupt operations. The reliance on JEA credentials means that an attacker who has already compromised a standard user account could leverage this vulnerability to escalate their privileges. This could lead to significant data breaches, service outages, and reputational damage. The blast radius extends to any data or services hosted on the affected Azure Stack Hub instance.
CVE-2021-36302 was publicly disclosed on February 9, 2022. While no public exploits have been widely reported, the vulnerability's critical severity and the potential for privilege escalation make it a high-priority target. Its presence on the Dell platform warrants careful monitoring. The exploitation pattern involves leveraging existing JEA credentials to gain elevated privileges, a technique seen in other privilege escalation vulnerabilities.
Organizations deploying Dell EMC Integrated System for Microsoft Azure Stack Hub, particularly those with less stringent JEA access controls or legacy configurations, are at significant risk. Shared hosting environments utilizing Azure Stack Hub are also vulnerable, as a compromise of one tenant could potentially impact others.
• windows / dell:
Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4624} | Where-Object { $_.Message -match 'JEA' }
• linux / server:
journalctl -u dell-azure-stack-hub -g 'JEA' | grep -i error
• generic web:
curl -I <azure_stack_hub_url> | grep -i 'JEA'
Exploit status
EPSS
0.24% (48th percentile)
CVSS vector
The primary mitigation for CVE-2021-36302 is to upgrade to Dell EMC Integrated System for Microsoft Azure Stack Hub version 2204 or later. Prior to upgrading, it's crucial to review the Dell EMC release notes for any potential breaking changes and plan a rollback strategy if necessary. Consider implementing stricter JEA role restrictions to limit the potential impact of a compromised standard user account. Regularly audit JEA configurations and monitor for suspicious activity. While a WAF or proxy cannot directly prevent this privilege escalation, they can help detect and block malicious traffic attempting to exploit the vulnerability.
Update Dell EMC Integrated System for Microsoft Azure Stack Hub to version 2204 or later. This fixes the privilege escalation vulnerability.
CVE-2021-36302 is a critical vulnerability allowing remote attackers with standard JEA credentials to escalate privileges and gain control of Dell EMC Integrated System for Microsoft Azure Stack Hub versions ≤2204.
If you are running Dell EMC Integrated System for Microsoft Azure Stack Hub versions prior to 2204 and have standard JEA credentials accessible, you are potentially affected by this vulnerability.
Upgrade to Dell EMC Integrated System for Microsoft Azure Stack Hub version 2204 or later to remediate the vulnerability. Consider restricting JEA access as an interim measure.
While no widespread exploitation has been publicly confirmed, the vulnerability's severity and potential impact warrant proactive mitigation.
Refer to the official Dell Security Advisory for CVE-2021-36302 on the Dell Support website: [https://www.dell.com/support/kbdoc/en-us/000182439/security-update-for-dell-emc-integrated-system-for-microsoft-azure-stack-hub-cve-2021-36302](https://www.dell.com/support/kbdoc/en-us/000182439/security-update-for-dell-emc-integrated-system-for-microsoft-azure-stack-hub-cve-2021-36302)