Use of a Broken or Risky Cryptographic Algorithm

CVE-2021-36298

High

8.1/10

Summary

Dell EMC InsightIQ, versions prior to 4.1.4, contain risky cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to authentication bypass and remote takeover of the InsightIQ. This allows an attacker to take complete control of InsightIQ to affect services provided by SSH; so Dell recommends customers to upgrade at the earliest opportunity.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.

References

Advisory Timeline

Published Oct 01, 2021

Use of a Broken or Risky Cryptographic Algorithm

CVE-2021-36298

Summary

CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS