Description

Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to authentication bypass and remote takeover of the InsightIQ. This allows an attacker to take complete control of InsightIQ to affect services provided by SSH; so Dell recommends customers to upgrade at the earliest opportunity.

Related CPE's

o

dell

isilon_insightiq_firmware

Vulnerable

h

dell

isilon_insightiq

References

https://www.dell.com/support/kbdoc/000191604

PatchVendor Advisory

https://www.dell.com/support/kbdoc/000191604

PatchVendor Advisory

Weaknesses

[email protected]

Secondary
CWE-327

CVSS impact metrics

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

8.1 · High

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-10-01T19:15:08.180Z

4 years ago

Last modified

2024-11-21T05:13:27.037Z

1 year ago