Lucene search
K

Dell EMC Out-of-bounds Write (CVE-2021-36301)

🗓️ 17 Jan 2024 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 23 Views

Dell EMC iDRAC Stack Buffer Overflow vulnerabilit

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2021-36301
9 Sep 202100:00
attackerkb
Circl
CVE-2021-36301
23 Nov 202122:21
circl
CNNVD
Dell EMC iDRAC9和Dell EMC iDRAC8 缓冲区错误漏洞
9 Nov 202100:00
cnnvd
CheckPoint Security
Check Point Response to CVE-2021-36299, CVE-2021-36300, CVE-2021-36301, CVE-2021-20235 - Dell iDRAC9 Vulnerabilities
4 Nov 202100:00
checkpoint_security
CVE
CVE-2021-36301
23 Nov 202120:00
cve
Cvelist
CVE-2021-36301
23 Nov 202120:00
cvelist
Tenable Nessus
Dell EMC iDRAC8 < 2.80.80.80 / Dell EMC iDRAC9 < 4.40.40.00 (DSA-2021-177)
3 Jun 202200:00
nessus
EUVD
EUVD-2021-22921
3 Oct 202520:07
euvd
NCSC
Vulnerabilities fixed in Dell iDRAC
10 Sep 202100:00
ncsc
NVD
CVE-2021-36301
23 Nov 202120:15
nvd
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501904);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/18");

  script_cve_id("CVE-2021-36301");

  script_name(english:"Dell EMC Out-of-bounds Write (CVE-2021-36301)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to version
2.80.80.80 contain a Stack Buffer Overflow in Racadm. An authenticated
remote attacker may potentially exploit this vulnerability to control
process execution and gain access to the underlying operating system.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://support.emc.com/kb/000191229");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-36301");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(787);

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/11/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/11/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/01/17");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:dell:emc_idrac8_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:dell:emc_idrac9_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Dell");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Dell');

var asset = tenable_ot::assets::get(vendor:'Dell');

var vuln_cpes = {
    "cpe:/o:dell:emc_idrac8_firmware" :
        {"versionEndExcluding" : "2.80.80.80", "family" : "iDRAC8"},
    "cpe:/o:dell:emc_idrac9_firmware" :
        {"versionEndExcluding" : "4.40.40.00", "family" : "iDRAC9"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

18 Jan 2024 00:00Current
7.2High risk
Vulners AI Score7.2
CVSS 26.5
CVSS 3.15.9 - 7.2
EPSS0.27698
23