13 October 2021

9VSA21-00504-01 CSIRT warns of vulnerabilities in Dell EMC Enterprise Hybrid Cloud update for VMware

Summary

The Computer Security Incident Response Team of the Government of Chile, CSIRT de Gobierno, shares information on vulnerabilities in Dell EMC Enterprise Hybrid Cloud update for VMware.

This report includes the mitigation measures, which consist of installing the latest update for the affected products.

Vulnerabilities

CVE-2021-21975

CVE-2021-22012

CVE-2021-22006

CVE-2021-22007

CVE-2021-22008

CVE-2021-22009

CVE-2021-22010

CVE-2021-22011

CVE-2021-22013

CVE-2021-21993

CVE-2021-22014

CVE-2021-22015

CVE-2021-22016

CVE-2021-22017

CVE-2021-22018

CVE-2021-22019

CVE-2021-22020

CVE-2021-22005

CVE-2021-21992

CVE-2021-21983

CVE-2021-22002

CVE-2021-21984

CVE-2021-21985

CVE-2021-21986

CVE-2021-21997

CVE-2021-21999

CVE-2021-21994

CVE-2021-21995

CVE-2021-22003

CVE-2021-21991

CVE-2021-22022

CVE-2021-22023

CVE-2021-22024

CVE-2021-22025

CVE-2021-22026

CVE-2021-22027

CVE-2021-22021

Impacts

Critical risk

CVE-2021-22005: This vulnerability allows an unauthenticated remote attacker to compromise vulnerable systems. The vulnerability exists due to insufficient validation of files during file upload within the Analytics service.

CVE-2021-21985: This vulnerability allows a remote attacker to compromise an affected system. The vulnerability exists due to insufficient validation of user input within the Virtual SAN Health Check plugin.

High risk

CVE-2021-22006

CVE-2021-22002

CVE-2021-22025

CVE-2021-21984

CVE-2021-21994

Affected Products

Dell Enterprise Hybrid Cloud: 4.1.0, 4.1.1.

Mitigation

Install the respective updates provided by the vendor.

Links

http://www.dell.com/support/kbdoc/fr-fr/printview/000192301/10/en

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21975

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22012

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22006

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22007

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22008

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22009

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22010

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22011

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22013

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21993

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22014

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22015

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22016

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22017

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22018

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22019

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22020

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22005

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21992

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21983

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22002

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21984

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21985

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21986

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21997

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21999

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21994

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21995

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22003

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21991

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22022

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22023

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22024

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22025

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22026

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22027

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22021

Report

The official report published by the CSIRT of the Government of Chile is available at the following link: 9VSA21-00504-01
