Cybersecurity specialists reported a critical vulnerability in Dell EMC OpenManage Server Administrator, a software agent that provides a complete solution for system management. According to the report, successful exploitation of this vulnerability would allow attackers to bypass the authentication process on affected systems.
Below is a brief overview of the reported flaw, along with its identifier and its score according to the Common Vulnerability Scoring System (CVSS).
Tracked as CVE-2021-21513, this vulnerability exists due to an error in processing authentication requests, allowing threat actors to log in to OpenManage Server Administrator (OMSA) as an administrator without requiring the operating system username and password.
This flaw received a score of 8.8/10 on the CVSS scale.
The flaw affects all Dell EMC OpenManage Server Administrator versions earlier than 9.4.0.3 and 9.5.0.1.
While this flaw may be exploited by an unauthenticated remote threat actor over the Internet, cybersecurity experts have so far not detected attempts at active exploitation or the existence of a malware variant associated with this attack.
Security patches are now available, so administrators of affected deployments are encouraged to update as soon as possible.
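To find which hosts still need the update, the version boundaries given above can be checked against an inventory. This is an added example, not code from Dell or from the original report; the host names, the CSV layout and the reading of the two fixed versions as per-branch fixes (9.4.x and 9.5.x) are assumptions.

```python
import csv
import io

# Fixed releases named in the article, keyed by (major, minor) branch.
# Assumption: each fix applies to its own branch (9.4.x and 9.5.x).
FIXED = {(9, 4): (9, 4, 0, 3), (9, 5): (9, 5, 0, 1)}

def parse_version(text):
    """Turn '9.4.0.2' into (9, 4, 0, 2); pad short versions with zeros."""
    parts = [int(p) for p in text.strip().split(".")]
    if not parts or len(parts) > 4:
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(parts + [0] * (4 - len(parts)))

def is_affected(version_text):
    """True if the version predates the fix for its branch."""
    version = parse_version(version_text)
    branch = version[:2]
    if branch in FIXED:
        return version < FIXED[branch]
    # Branches older than 9.4 have no listed fix and count as affected;
    # anything newer than 9.5 is treated as already fixed (assumption).
    return branch < min(FIXED)

def triage(inventory_csv):
    """Return (host, version, status) rows for a 'host,version' CSV."""
    rows = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        try:
            status = "AFFECTED" if is_affected(row["version"]) else "ok"
        except ValueError:
            status = "UNKNOWN"  # unparsable version: check by hand
        rows.append((row["host"], row["version"], status))
    return rows

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = """host,version
srv-a,9.3.0
srv-b,9.4.0.2
srv-c,9.4.0.3
srv-d,9.5.0.0
srv-e,9.5.0.1
srv-f,unknown
"""

if __name__ == "__main__":
    for host, version, status in triage(SAMPLE):
        print(f"{host:8} {version:10} {status}")
```

A single "less than 9.5.0.1" comparison would wrongly flag a patched 9.4.0.3 host, which is why the check is done per branch.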