Idrac9 Firmware@* Security Vulnerabilities and Issues — Idrac9 Firmware@* CVE List

Lucene search

DellIdrac9 Firmware*

7 matches found

CVE•added 2021/07/29 4:15 p.m.•252 views

CVE-2021-21538

Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the virtual console.

10CVSS9.6AI score0.01553EPSS

CVE•added 2021/04/30 9:15 p.m.•97 views

CVE-2021-21540

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a stack-based overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to overwrite configuration information by injecting arbitrarily large payload.

8.1CVSS7.7AI score0.00377EPSS

CVE•added 2021/04/30 9:15 p.m.•81 views

CVE-2021-21542

Dell EMC iDRAC9 versions prior to 4.40.10.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected while generating...

4.8CVSS5AI score0.00163EPSS

CVE•added 2021/04/30 9:15 p.m.•80 views

CVE-2021-21539

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to gain elevated privileges when a user with higher privileges is simultaneously accessing iDRAC throu...

7.1CVSS7AI score0.0043EPSS

CVE•added 2021/04/30 9:15 p.m.•80 views

CVE-2021-21544

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to manipulate the username field under the comment section and set the value to any user.

4CVSS4.2AI score0.00214EPSS

CVE•added 2021/04/30 9:15 p.m.•74 views

CVE-2021-21541

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to DOM environment in the browser. Th...

6.1CVSS6.2AI score0.00763EPSS

CVE•added 2021/04/30 9:15 p.m.•73 views

CVE-2021-21543

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected parameters. When...

4.8CVSS5.4AI score0.00222EPSS