Summary
The Computer Security Incident Response Team of the Government of Chile (CSIRT de Gobierno) shares information on vulnerabilities in Dell EMC Enterprise Hybrid Cloud update for VMware.
This report includes the mitigation measures, which consist of installing the latest update for the affected products.
Vulnerabilities
CVE-2021-21975
CVE-2021-22012
CVE-2021-22006
CVE-2021-22007
CVE-2021-22008
CVE-2021-22009
CVE-2021-22010
CVE-2021-22011
CVE-2021-22013
CVE-2021-21993
CVE-2021-22014
CVE-2021-22015
CVE-2021-22016
CVE-2021-22017
CVE-2021-22018
CVE-2021-22019
CVE-2021-22020
CVE-2021-22005
CVE-2021-21992
CVE-2021-21983
CVE-2021-22002
CVE-2021-21984
CVE-2021-21985
CVE-2021-21986
CVE-2021-21997
CVE-2021-21999
CVE-2021-21994
CVE-2021-21995
CVE-2021-22003
CVE-2021-21991
CVE-2021-22022
CVE-2021-22023
CVE-2021-22024
CVE-2021-22025
CVE-2021-22026
CVE-2021-22027
CVE-2021-22021
Impacts
Critical risk
CVE-2021-22005: This vulnerability allows an unauthenticated remote attacker to compromise vulnerable systems. The vulnerability exists due to insufficient validation of files during file upload within the Analytics service.
CVE-2021-21985: This vulnerability allows a remote attacker to compromise an affected system. The vulnerability exists due to insufficient validation of user input within the Virtual SAN Health Check plugin.
High risk
CVE-2021-22006
CVE-2021-22002
CVE-2021-22025
CVE-2021-21984
CVE-2021-21994
Affected Products
Dell Enterprise Hybrid Cloud: 4.1.0, 4.1.1.
Mitigation
Install the corresponding updates provided by the vendor.
Links
http://www.dell.com/support/kbdoc/fr-fr/printview/000192301/10/en
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21975
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22012
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22006
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22007
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22008
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22009
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22011
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22013
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21993
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22014
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22015
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22016
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22017
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22018
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22019
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22005
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21992
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21983
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22002
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21984
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21985
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21986
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21997
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21999
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21994
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21995
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22003
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21991
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22024
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22025
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22027
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22021
Report
The official report published by the CSIRT of the Government of Chile is available at the following link: 9VSA21-00504-01