Description

Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to authentication bypass and remote takeover of the InsightIQ. This allows an attacker to take complete control of InsightIQ to affect services provided by SSH; so Dell recommends customers to upgrade at the earliest opportunity.

Related CPE's

o

dell

isilon_insightiq_firmware

Vulnerable

h

dell

isilon_insightiq

References

https://www.dell.com/support/kbdoc/000191604

PatchVendor Advisory

Weaknesses

[email protected]

Primary
CWE-327

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-10-01T21:15:08.180

3 years ago

Last modified

2021-10-08T03:10:57.680

3 years ago