cvelist / Dell / CVELIST:CVE-2021-36300
History: Nov 23, 2021 - 8:00 p.m.

CVE-2021-36300

2021-11-23 20:00:33
CWE-89
dell
www.cve.org
4
idrac9
versions
input validation
vulnerability
webserver
information disclosure

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L

AI Score: 8.2
Confidence: High

EPSS: 0.003
Percentile: 70.4%

iDRAC9 versions prior to 5.00.00.00 contain an improper input validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability by sending a specially crafted malicious request to crash the webserver or cause information disclosure.

CNA Affected

[
  {
    "product": "Integrated Dell Remote Access Controller (iDRAC)",
    "vendor": "Dell",
    "versions": [
      {
        "lessThan": "5.00.00.00",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

