First published: Fri Sep 17 2021
Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to authentication bypass and remote takeover of InsightIQ. This allows an attacker to take complete control of InsightIQ to affect services provided by SSH, so Dell recommends that customers upgrade at the earliest opportunity.
Credit: security_alert@emc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Dell Isilon Insightiq Firmware | <4.1.4 | |
Dell Isilon Insightiq | | |
The severity of CVE-2021-36298 is rated as critical with a CVSS score of 9.8.
To mitigate the risk of CVE-2021-36298, update Dell EMC InsightIQ to version 4.1.4 or later to address the vulnerability in the SSH component.
If CVE-2021-36298 is exploited, a remote unauthenticated attacker could potentially bypass authentication and take over the InsightIQ system remotely.