Admins who manage systems with Dell's remote maintenance tool iDRAC 9 should install the current version, which closes a security vulnerability. There is also a security update for Wyse Windows Embedded System.
The vulnerability (CVE-2021-21538) in iDRAC 9 is classified with the threat level "critical", the developers warn in a post. Versions from 4.40.00.00 are affected. Release 4.40.10.00 is secured.
Access without login
What concrete attacks could look like is currently unclear. Due to an error in authentication, remote attackers could access the virtual consoles of vulnerable systems without logging in. Dell does not say what this could lead to. The critical classification indicates that attackers could execute their own commands from this position.
The vulnerability (CVE-2021-21552, "medium") in Wyse Windows Embedded System (e.g. 10 LTSC 2019) affects the Dell Wyse 5070 Thin Client, Dell Wyse 5470 Thin Client and Dell Wyse 5470 All-in-One Thin Client. On these devices, all versions up to and including 10 LTSC 2019 are at risk. Dell has linked the security updates in a warning message.