Dell Patches Critical Vulnerabilities in OpenManage Enterprise (Security News, July 2021)
Patches released this week by Dell for its OpenManage Enterprise product address multiple critical-severity vulnerabilities.
A systems management and monitoring application, Dell OpenManage Enterprise provides administrators with a comprehensive view of Dell EMC servers, network switches, and storage in their environment.
Another critical vulnerability that Dell patched in OpenManage Enterprise is CVE-2021-21585, an OS command injection bug in the RACADM and IPMI tools that could allow a remote, authenticated malicious user who already has high privileges to execute arbitrary OS commands.
A third critical flaw patched in Dell OpenManage Enterprise is CVE-2021-21596, a remote code execution issue that could allow an attacker who has access to the immediate subnet to access sensitive information and potentially elevate privileges.
The researchers said they discovered these vulnerabilities in July 2020, but reported them to Dell only this year.
A few other vulnerabilities that Kim and Torres discovered in OpenManage Enterprise were silently patched over the past year, according to the researchers.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-09 | CVE-2021-21596 | Unspecified vulnerability in Dell products. Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenManage Enterprise Modular versions 1.20.00 through 1.30.00 contain a remote code execution vulnerability. | 8.8 |
2021-08-09 | CVE-2021-21585 | OS Command Injection vulnerability in Dell OpenManage Enterprise 3.5. Dell OpenManage Enterprise versions prior to 3.6.1 contain an OS command injection vulnerability in RACADM and IPMI tools. | 7.2 |