Lucene search

DellCVELIST:CVE-2021-21535

HistoryApr 30, 2021 - 5:40 p.m.

CVE-2021-21535

2021-04-3017:40:18

CWE-306

dell

www.cve.org

dell hybrid client

missing authentication

vulnerability

root access

CVSS3

7.4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

Percentile

5.1%

JSON

Dell Hybrid Client versions prior to 1.5 contain a missing authentication for a critical function vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain root level access to the system.

CNA Affected

[
  {
    "product": "Dell Hybrid Client (DHC)",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "1.5",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.dell.com/support/kbdoc/en-us/000184667/dsa-2021-071-dell-hybrid-client-security-update-for-multiple-vulnerabilities

CVSS3

7.4

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2021-21535