Platform: dell
Component: idrac
Fixed in: 4.40.10.00
CVE-2021-21538 describes an improper authentication vulnerability affecting Dell iDRAC9 integrated remote access controllers. This flaw allows a remote, unauthenticated attacker to potentially gain access to the virtual console, compromising system management and potentially leading to broader network intrusion. The vulnerability impacts iDRAC9 versions 4.40.00.00 and later, up to but not including version 4.40.10.00. Dell has released a patch in version 4.40.10.00.
The impact of CVE-2021-21538 is severe. Successful exploitation grants an attacker unauthorized access to the iDRAC virtual console. This console provides extensive control over the managed server, including the ability to execute commands, access configuration settings, and potentially escalate privileges. An attacker could leverage this access to steal sensitive data, install malware, or disrupt server operations. Given the iDRAC's role in remote management, a compromise could lead to widespread system disruption and data breaches. This vulnerability shares similarities with other remote access vulnerabilities where improper authentication controls allow for unauthorized access.
CVE-2021-21538 was publicly disclosed on July 29, 2021. While no active exploitation campaigns have been definitively confirmed, the vulnerability's critical severity and ease of exploitation make it a high-priority target. It is not currently listed on CISA KEV. Public proof-of-concept exploits are available, increasing the likelihood of exploitation. The EPSS score is likely to be assessed as high due to the combination of ease of exploitation and potential impact.
Organizations heavily reliant on Dell iDRAC9 for remote server management are at significant risk. This includes data centers, cloud providers, and businesses with numerous physical servers. Systems with older, unpatched iDRAC9 installations are particularly vulnerable. Shared hosting environments where multiple customers share the same physical infrastructure are also at increased risk.
• windows / supply-chain:
Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625} | Where-Object { $_.Message -like '*iDRAC*' } | Format-List -Property TimeCreated, Message
• linux / server:
journalctl -u dell-racadm | grep -A 10 "Authentication successful"
• generic web:
curl -I https://<idrac_ip>/rdsm/login.jsp
disclosure
patch
Exploit status
EPSS: 1.55% (percentile 81%)
CVSS vector
The primary mitigation for CVE-2021-21538 is to upgrade the Dell iDRAC9 firmware to version 4.40.10.00 or later. Before upgrading, review Dell's compatibility matrix to ensure the new firmware is compatible with the existing hardware and software configuration. If an immediate upgrade is not feasible, use network segmentation to restrict access to the iDRAC management interface to authorized personnel and systems only. Monitor iDRAC logs for suspicious activity, particularly failed login attempts from unknown sources. After upgrading, confirm successful remediation by attempting a remote connection to the iDRAC console with an unauthenticated user account; the connection should be denied.
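The two defender-side checks in the paragraph above, the firmware version window and the review of failed logins from unknown sources, as an added example. This is not Dell's tooling and not code from the advisory: the version range 4.40.00.00 to 4.40.10.00 (exclusive) is the one stated on this page, while the log line format, the hostnames, the addresses and the management network 10.0.0.0/24 are constructed for the example.

```python
"""Triage helper for CVE-2021-21538 (added example, not Dell's code).

Check 1: is a reported iDRAC9 firmware version inside the affected window
         4.40.00.00 <= version < 4.40.10.00 (range stated on the page)?
Check 2: do iDRAC log lines show failed logins from sources outside the
         management network allow-list (the "unknown sources" the page mentions)?
The log line format below is constructed for this example; real iDRAC logs
must be mapped onto it before the parser is useful.
"""
import re
from collections import Counter
from ipaddress import ip_address, ip_network

FIRST_AFFECTED = (4, 40, 0, 0)   # 4.40.00.00, first affected per the advisory
FIXED_IN = (4, 40, 10, 0)        # 4.40.10.00, fixed version per the advisory


def parse_version(version: str) -> tuple:
    """Turn an iDRAC9 version string such as '4.40.00.00' into a comparable tuple."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected iDRAC version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(version: str) -> bool:
    """True when the firmware falls inside [4.40.00.00, 4.40.10.00)."""
    return FIRST_AFFECTED <= parse_version(version) < FIXED_IN


def hosts_needing_patch(inventory: dict) -> list:
    """Given {hostname: firmware_version}, return the hosts still in the window, sorted."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


# Constructed log line shape: "<timestamp> <idrac-host> Login failed|succeeded from <ip> user=<name>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<event>Login (?:failed|succeeded)) "
    r"from (?P<src>\S+) user=(?P<user>\S+)$"
)


def suspicious_failed_logins(lines, allowed_networks, threshold=3) -> dict:
    """Count failed logins per (host, source) from outside the allow-list.

    Returns {(host, src): count} for every pair reaching the threshold;
    lines that do not parse, successes and allow-listed sources are ignored.
    """
    allowed = [ip_network(n) for n in allowed_networks]
    counts = Counter()
    for line in lines:
        match = LOG_RE.match(line.strip())
        if not match or match["event"] != "Login failed":
            continue
        src = ip_address(match["src"])
        if any(src in net for net in allowed):
            continue  # expected management source, not "unknown"
        counts[(match["host"], match["src"])] += 1
    return {key: n for key, n in counts.items() if n >= threshold}


# Constructed sample data: a small fleet and a handful of log lines.
SAMPLE_INVENTORY = {
    "idrac-r740-01": "4.40.00.00",   # in the window
    "idrac-r740-02": "4.40.10.00",   # fixed version
    "idrac-r640-07": "4.32.10.00",   # below the window
    "idrac-r750-03": "5.00.00.00",   # above the window
}
ALLOWED_NETWORKS = ["10.0.0.0/24"]  # constructed management VLAN
SAMPLE_LOG = [
    "2021-08-01T10:15:02Z idrac-r740-01 Login failed from 203.0.113.7 user=root",
    "2021-08-01T10:15:04Z idrac-r740-01 Login failed from 203.0.113.7 user=root",
    "2021-08-01T10:15:06Z idrac-r740-01 Login failed from 203.0.113.7 user=admin",
    "2021-08-01T10:15:09Z idrac-r740-01 Login failed from 203.0.113.7 user=root",
    "2021-08-01T10:16:00Z idrac-r740-02 Login failed from 10.0.0.5 user=ops",
    "2021-08-01T10:16:30Z idrac-r740-02 Login succeeded from 10.0.0.5 user=ops",
    "2021-08-01T10:17:00Z idrac-r640-07 Login failed from 198.51.100.9 user=root",
    "2021-08-01T10:17:05Z idrac-r640-07 Login failed from 198.51.100.9 user=root",
    "garbage line that does not match the expected shape",
]

if __name__ == "__main__":
    print("hosts still needing the 4.40.10.00 update:", hosts_needing_patch(SAMPLE_INVENTORY))
    print("failed logins from unknown sources:", suspicious_failed_logins(SAMPLE_LOG, ALLOWED_NETWORKS))
```

Tuple comparison is used instead of string comparison on purpose: a string compare would rank "4.40.10.00" below "4.40.5.00" if any component ever lost its zero padding. The threshold keeps single mistyped passwords out of the report while still surfacing repeated failures from an address that is not on the management network.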
Update the iDRAC9 firmware to version 4.40.10.00 or later to fix the improper authentication vulnerability. This will prevent unauthenticated remote attackers from gaining access to the virtual console. You can download the update from the Dell support website.
CVE-2021-21538 is a critical vulnerability in Dell iDRAC9 allowing unauthenticated remote access to the virtual console, potentially compromising server management.
If you are running Dell iDRAC9 versions 4.40.00.00 through 4.40.10.00, you are potentially affected by this vulnerability.
Upgrade your Dell iDRAC9 firmware to version 4.40.10.00 or later to remediate the vulnerability. Review Dell's compatibility matrix before upgrading.
While no confirmed active exploitation campaigns have been publicly reported, the vulnerability's severity and ease of exploitation make it a likely target.
Refer to the Dell Security Advisory DSA-2021-166 for detailed information and remediation steps: https://www.dell.com/support/kbdoc/en-us/DSA-2021-166