CVE-2021-21544

Published: Apr 30, 2021Modified: Nov 21, 2024

2.7

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Exploitability: 1.2 / Impact: 1.4

Source: NVD

Description

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to manipulate the username field under the comment section and set the value to any user.

Affected (1)

Products: Dell: Idrac9 Firmware

1 product

Idrac9 Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dell Idrac9 Firmware	Before 4.40.00.00

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Client-Side Enforcement of Server-Side Security

The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.

References (2)

https://www.dell.com/support/kbdoc/000185293

Source: security_alert@emc.com

Vendor Advisory

https://www.dell.com/support/kbdoc/000185293

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.