VAR-202108-0514
Vulnerability from variot - Updated: 2023-12-18 12:34

Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenManage Enterprise Modular versions 1.20.00 through 1.30.00 contain a remote code execution vulnerability. A malicious attacker with access to the immediate subnet may potentially exploit this vulnerability, leading to information disclosure and a possible elevation of privileges.

Details - Remote Auth Bypass with 2 pre-auth RCEs in docker instances

There is a chain of pre-auth vulnerabilities that allows an attacker to:
- get a shell on the redis container, as redis
- get a shell on the postgres container, as postgres
- get full access to the postgres database
- bypass authentication on the web interface as admin

Due to some requirements in the exploit chain, the attacker needs to be on the same subnet as the target (same LAN, without a gateway between the target and the attacker). The attack scenario is:
1. The attacker owns the redis instance running in a container inside the virtual machine running Dell OpenManage Enterprise and gets a shell inside this container.
2. The attacker uses the shell inside the redis container as a relay to get access to the remote postgresql server.
3. The attacker gets a shell on the postgresql server.
4. The attacker redefines a new password for the web interface and dumps the entire postgresql server.
5. The attacker gets access to the web interface as admin.

The.. [description truncated in the source record]

Fix and severity, as listed in the record below: Dell advisory DSA-2021-113 (https://www.dell.com/support/kbdoc/000189673); CVSS 3.1 base score 8.8 from NVD and 9.6 from security_alert@emc.com, attack vector Adjacent Network, no privileges or user interaction required. Because the chain requires adjacency, limiting which hosts share the appliance's subnet reduces exposure until the advisory's update is applied.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-0514",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "openmanage enterprise-modular",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "1.30.00"
},
{
"model": "openmanage enterprise",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "3.4"
},
{
"model": "openmanage enterprise",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "3.6.1"
},
{
"model": "openmanage enterprise-modular",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "1.20.00"
},
{
"model": "dell openmanage enterprise",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "3.4 to 3.6.1"
},
{
"model": "dell openmanage enterprise-modular",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "1.20.00 to 1.30.00"
},
{
"model": "dell openmanage enterprise",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "-modular 1.20.00 to 1.30.00"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009520"
},
{
"db": "NVD",
"id": "CVE-2021-21596"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:dell:openmanage_enterprise-modular:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.30.00",
"versionStartIncluding": "1.20.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:openmanage_enterprise:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.6.1",
"versionStartIncluding": "3.4",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-21596"
}
]
},
"cve": "CVE-2021-21596",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2021-21596",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-380000",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "security_alert@emc.com",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-21596",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-21596",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2021-21596",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202107-1481",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-380000",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-21596",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-380000"
},
{
"db": "VULMON",
"id": "CVE-2021-21596"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009520"
},
{
"db": "NVD",
"id": "CVE-2021-21596"
},
{
"db": "NVD",
"id": "CVE-2021-21596"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1481"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell OpenManage Enterprise versions 3.4 through 3.6.1 and Dell OpenManage Enterprise Modular versions 1.20.00 through 1.30.00 contain a remote code execution vulnerability. A malicious attacker with access to the immediate subnet may potentially exploit this vulnerability, leading to information disclosure and a possible elevation of privileges. Details - Remote Auth Bypass with 2 pre-auth RCEs in docker instances. There is a chain of pre-auth vulnerabilities that allows an attacker to: get a shell on the redis container, as redis; get a shell on the postgres container, as postgres; get full access to the postgres database; bypass authentication on the web interface as admin. Due to some requirements in the exploit chain, the attacker needs to be on the same subnet as the target (same LAN, without a gateway between the target and the attacker). The attack scenario is: the attacker will own the redis running in a container inside the virtual machine running Dell OpenManage Enterprise and get a shell inside this container; the attacker will use the shell inside the redis container as a relay to get access to the remote postgresql server; the attacker will get a shell on the postgresql server; the attacker will redefine a new password for the web interface and will dump the entire postgresql server; the attacker will get access to the web interface as admin. The..",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-21596"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009520"
},
{
"db": "VULHUB",
"id": "VHN-380000"
},
{
"db": "VULMON",
"id": "CVE-2021-21596"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-21596",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009520",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1481",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-99310",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-380000",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-21596",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-380000"
},
{
"db": "VULMON",
"id": "CVE-2021-21596"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009520"
},
{
"db": "NVD",
"id": "CVE-2021-21596"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1481"
}
]
},
"id": "VAR-202108-0514",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-380000"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:34:58.113000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-2021-113",
"trust": 0.8,
"url": "https://www.dell.com/support/kbdoc/000189673"
},
{
"title": "Dell OpenManage Enterprise Security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=159151"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009520"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1481"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "information leak (CWE-200) [NVD Evaluation ]",
"trust": 0.8
},
{
"problemtype": " Improper authority management (CWE-269) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009520"
},
{
"db": "NVD",
"id": "CVE-2021-21596"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.dell.com/support/kbdoc/000189673"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21596"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/dell-openmanage-enterprise-four-vulnerabilities-35926"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/269.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-380000"
},
{
"db": "VULMON",
"id": "CVE-2021-21596"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009520"
},
{
"db": "NVD",
"id": "CVE-2021-21596"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1481"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-380000"
},
{
"db": "VULMON",
"id": "CVE-2021-21596"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-009520"
},
{
"db": "NVD",
"id": "CVE-2021-21596"
},
{
"db": "CNNVD",
"id": "CNNVD-202107-1481"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-09T00:00:00",
"db": "VULHUB",
"id": "VHN-380000"
},
{
"date": "2021-08-09T00:00:00",
"db": "VULMON",
"id": "CVE-2021-21596"
},
{
"date": "2022-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-009520"
},
{
"date": "2021-08-09T21:15:07.980000",
"db": "NVD",
"id": "CVE-2021-21596"
},
{
"date": "2021-07-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1481"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-24T00:00:00",
"db": "VULHUB",
"id": "VHN-380000"
},
{
"date": "2021-08-13T00:00:00",
"db": "VULMON",
"id": "CVE-2021-21596"
},
{
"date": "2022-05-02T09:16:00",
"db": "JVNDB",
"id": "JVNDB-2021-009520"
},
{
"date": "2022-10-24T19:52:29.033000",
"db": "NVD",
"id": "CVE-2021-21596"
},
{
"date": "2022-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202107-1481"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1481"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u00a0OpenManage\u00a0Enterprise\u00a0 and \u00a0Dell\u00a0OpenManage\u00a0Enterprise\u00a0Modular\u00a0 Information Disclosure Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-009520"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202107-1481"
}
],
"trust": 0.6
}
}