Vulnerability Description
Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to authentication bypass and remote takeover of the InsightIQ. This allows an attacker to take complete control of InsightIQ to affect services provided by SSH; so Dell recommends customers to upgrade at the earliest opportunity.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Isilon Insightiq Firmware | < 4.1.4 |
| Dell | Isilon Insightiq | All versions |
Related Weaknesses (CWE)
References
- https://www.dell.com/support/kbdoc/000191604PatchVendor Advisory
- https://www.dell.com/support/kbdoc/000191604PatchVendor Advisory
FAQ
What is CVE-2021-36298?
CVE-2021-36298 is a vulnerability with a CVSS score of 8.1 (HIGH). Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to auth...
How severe is CVE-2021-36298?
CVE-2021-36298 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-36298?
Check the references section above for vendor advisories and patch information. Affected products include: Dell Isilon Insightiq Firmware, Dell Isilon Insightiq.