Exploited Vulnerability Within Dell EMC VxRail Software


Another round of software vulnerabilities has been reported affecting multinational computer technology giant Dell. Following the recent news of a large batch of software vulnerabilities that have been addressed, Dell has confirmed that this time a public exploit is at large. This news of a fresh batch of multiple software vulnerabilities relates to an appliance belonging to Dell’s EMC IT infrastructure division, specifically an appliance called the VxRail.

About Dell EMC VxRail

The VxRail is a virtualization product from Dell’s EMC data center infrastructure technologies division. VxRail “provides the fastest and simplest path to transform operations and modernize data center infrastructure.” VxRail is “the single HCI platform” for VMware workloads that include “VDI, compute dense applications, and for hosting traditional and modern applications on a true hybrid cloud infrastructure.” VxRail is a widely used virtualization platform in many data centers. VxRail offers superior vSAN deployment to other hyper-converged infrastructures (HCI).

The VxRail Software Vulnerability

On September 28th, 2021, a Dell Security Advisory report was released that addresses a total of 19 software vulnerabilities related to the Dell EMC VxRail appliance. Among the 19 vulnerabilities, all of which were classified high severity and above, vulnerability CVE-2021-22005 has been confirmed to have a public exploit.

Technical Details

According to the official release report details, the critical severity vulnerability CVE-2021-22005 points to an arbitrary file upload cybersecurity risk. The vulnerability allows a remote attacker to compromise a vulnerable system. The vulnerability exists due to insufficient validation of a file during file upload within the Analytics service. A remote non-authenticated attacker with network access to port 443/TCP can upload and execute an arbitrary file on the server. Successful exploitation of the vulnerability may result in the full compromise of the affected system. The vulnerability is being exploited in the wild as of September 23, 2021.

Arbitrary File Upload Vulnerability

When an arbitrary file upload vulnerability such as this one is exploited, a cybercriminal can use tools to upload a malicious file and gain access to a ‘remote shell’ on the given platform. From there, root access can be gained, and a malicious file can be executed to compromise the security of the entire server or network.

Vulnerable Software Versions

The following software versions of Dell EMC VxRail are vulnerable:

Dell EMC VxRail Appliance:

  • 7.0.x versions below 7.0.240
  • 4.7.x versions below 4.7.535
  • 4.5.x versions below 4.5.462

Important User Information

Since this software vulnerability is confirmed as being publicly exploited for malicious purposes, it is critical that users update to the following versions of Dell EMC VxRail:

  • 7.0.241
  • 4.7.536
  • 4.5.463

Dell EMC resources and updates for VxRail software can be found here, following the sign-in process. Alternatively, this resource describing a ‘local upgrade process’ and an ‘internet upgrade process’ could be useful to VxRail users.
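For administrators with several appliances, the version thresholds above can be checked against an inventory. The following Python sketch is an added example, not Dell's tooling: the hostnames and versions in `SAMPLE` are constructed, and the version format (major.minor.patch with an optional "-build" suffix) is an assumption. Note that it treats a release such as 7.0.240 separately, since the lists above do not name it as vulnerable but it is still below the recommended 7.0.241.

```python
import re

# Thresholds copied from the two lists on this page.
# branch -> (first patch level not listed as vulnerable, patch level the page says to install)
BRANCHES = {
    (7, 0): (240, 241),
    (4, 7): (535, 536),
    (4, 5): (462, 463),
}

# Assumed version format: major.minor.patch, optionally followed by "-<build>".
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:-\d+)?\s*$")


def classify(version):
    """Return VULNERABLE, BELOW_RECOMMENDED, OK or UNKNOWN for a version string."""
    m = VERSION_RE.match(version)
    if not m:
        return "UNKNOWN"  # unparseable input needs manual review, never "OK"
    major, minor, patch = map(int, m.groups())
    limits = BRANCHES.get((major, minor))
    if limits is None:
        return "UNKNOWN"  # branch not covered by the lists on this page
    not_listed, recommended = limits
    if patch < not_listed:
        return "VULNERABLE"
    if patch < recommended:
        return "BELOW_RECOMMENDED"
    return "OK"


def audit(inventory):
    """Return (host, version, status) for hosts needing action, worst first."""
    order = {"VULNERABLE": 0, "UNKNOWN": 1, "BELOW_RECOMMENDED": 2}
    findings = [(host, ver, classify(ver)) for host, ver in inventory.items()]
    actionable = [f for f in findings if f[2] != "OK"]
    return sorted(actionable, key=lambda f: (order[f[2]], f[0]))


# Constructed sample inventory: hostnames and versions are made up.
SAMPLE = {
    "vxrail-a.example": "7.0.132",
    "vxrail-b.example": "7.0.240",
    "vxrail-c.example": "7.0.241",
    "vxrail-d.example": "4.7.410-12345678",
    "vxrail-e.example": "4.5.463",
    "vxrail-f.example": "4.0.500",
    "vxrail-g.example": "unknown",
}

if __name__ == "__main__":
    for host, ver, status in audit(SAMPLE):
        print(f"{status:18} {host:18} {ver}")
```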

Tech researcher & communications specialist
Mirza has an education background in Global Communications, has worked in advertising, marketing, journalism and television over the years while living in several different countries. He is now working to consolidate news and outreach at VPNoverview.com, while in his free time he likes to work on documentary projects, read about sociology and write about world events.