Dell EMC Updates
1890Warning Date
Severity Level
Warning Number
Target Sector
28 February, 2021
● High
2021-2543
All
Description:
Dell EMC has released security updates to address multiple vulnerabilities in the following products:
- Dell SupportAssist Enterprise
- Dell EMC SRS Policy Manager
- Dell Networking W-Series Access Points and Controllers
- Dell PowerMax Embedded NAS (eNAS)
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- XML external entity (XXE) attack
- Privilege escalation
- Arbitrary code execution
Best practice and Recommendations:
The CERT team encourages users to review Dell EMC security advisory and apply the necessary updates:
- https://www.dell.com/support/kbdoc/en-us/000183617/dsa-2021-047-dell-supportassist-enterprise-security-update-for-multiple-third-party-component-vulnerabilities
- https://www.dell.com/support/kbdoc/en-us/000183576/dsa-2021-045-dell-emc-srs-policy-manager-security-update-for-external-entity-injection-vulnerability
- https://www.dell.com/support/kbdoc/en-us/000183572/dsa-2021-032
- https://www.dell.com/support/kbdoc/en-us/000183514/dsa-2020-278-dell-emc-powermax-embedded-nas-enas-security-update-for-a-microsoft-netlogon-vulnerability