Multiple vulnerabilities in Dell VxRail Appliance



| Updated: 2023-04-19
Risk High
Patch available YES
Number of vulnerabilities 8
CVE-ID CVE-2020-3992
CVE-2020-3981
CVE-2020-3982
CVE-2020-3995
CVE-2020-4004
CVE-2020-4005
CVE-2021-21972
CVE-2021-21973
CWE-ID CWE-416
CWE-125
CWE-787
CWE-401
CWE-264
CWE-20
CWE-918
Exploitation vector Network
Public exploit Vulnerability #1 is being exploited in the wild.
Vulnerability #7 is being exploited in the wild.
Vulnerability #8 is being exploited in the wild.
Vulnerable software
Subscribe
Dell EMC VxRail Appliance
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor Dell

Security Bulletin

This security bulletin contains information about 8 vulnerabilities.

1) Use-after-free

EUVDB-ID: #VU47750

Risk: High

CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2020-3992

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error within the OpenSLP service. A remote attacker can can send specially crafted SLP message to port 427/udp, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC VxRail Appliance: before 7.0.101

CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000180932/dsa-2020-255-dell-emc-vxrail-appliance-security-update-for-vmware-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

2) Out-of-bounds read

EUVDB-ID: #VU47748

Risk: Medium

CVSSv3.1: 5.4 [CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3981

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition due to a time-of-check time-of-use issue in ACPI device within the implementation of the BDOOR_CMD_PATCH_ACPI_TABLES command. A remote administrator on a guest OS can run a specially crafted program to read memory from the vmx process.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC VxRail Appliance: before 7.0.101

CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000180932/dsa-2020-255-dell-emc-vxrail-appliance-security-update-for-vmware-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds write

EUVDB-ID: #VU47749

Risk: High

CVSSv3.1: 7.3 [CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3982

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error caused by a time-of-check time-of-use issue in ACPI device within the implementation of the BDOOR_CMD_PATCH_ACPI_TABLES command. A remote administrator on the guest OS can run a specially crafted program to trigger a heap-based buffer overflow and crash the system or execute arbitrary code on the hypervisor.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC VxRail Appliance: before 7.0.101

CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000180932/dsa-2020-255-dell-emc-vxrail-appliance-security-update-for-vmware-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Memory leak

EUVDB-ID: #VU47751

Risk: High

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3995

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak within the VMCI host driver. A remote attacker can force the application to leak memory and perform denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC VxRail Appliance: before 7.0.101

CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000180932/dsa-2020-255-dell-emc-vxrail-appliance-security-update-for-vmware-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU48602

Risk: Low

CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-4004

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in the XHCI USB controller. A local administrator can execute arbitrary code as the virtual machine's VMX process running on the host

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC VxRail Appliance: before 7.0.101

CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000180932/dsa-2020-255-dell-emc-vxrail-appliance-security-update-for-vmware-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU48603

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-4005

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions, which leads to security restrictions bypass and privilege escalation.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC VxRail Appliance: before 7.0.101

CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000180932/dsa-2020-255-dell-emc-vxrail-appliance-security-update-for-vmware-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Input validation error

EUVDB-ID: #VU50898

Risk: High

CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-21972

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insufficient validation of user-supplied input in vSphere Client. A remote non-authenticated attacker can send a specially crafted HTTP request to port 443/tcp and execute arbitrary code on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC VxRail Appliance: before 7.0.101

CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000180932/dsa-2020-255-dell-emc-vxrail-appliance-security-update-for-vmware-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

8) Server-Side Request Forgery (SSRF)

EUVDB-ID: #VU50899

Risk: Medium

CVSSv3.1: 5.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-21973

CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)

Exploit availability: Yes

Description

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input in vSphere Client. A remote non-authenticated attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.

Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Dell EMC VxRail Appliance: before 7.0.101

CPE2.3
External links

http://www.dell.com/support/kbdoc/en-us/000180932/dsa-2020-255-dell-emc-vxrail-appliance-security-update-for-vmware-vulnerabilities


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.



###SIDEBAR###