CVE-2021-21514

4.9MEDIUM

Key Information:

Vendor: Dell
Status: Dell Open Manage Server Administrator
Vendor: CVE Published:; 2 March 2021

Badges

👾 Exploit Exists🟡 Public PoC

Summary

Dell EMC OpenManage Server Administrator (OMSA) versions 9.5 and prior contain a path traversal vulnerability. A remote user with admin privileges could potentially exploit this vulnerability to view arbitrary files on the target system by sending a specially crafted URL request.

Affected Version(s)

Dell Open Manage Server Administrator <= 9.5

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

AFR-in-OMSA
Created by und3sc0n0c1d0

References

https://www.dell.com/support/kbdoc/en-us/000183670/dsa-20...

x_refsource_MISC

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Nov 30, 2022
👾
Exploit known to exist
Nov 30, 2022
Vulnerability published
Mar 2, 2021
Vulnerability Reserved
Jan 4, 2021