Missing Authentication Vulnerability in Dell Hybrid Client Software
CVE-2021-21535

7.4HIGH

Key Information:

Vendor: Dell
Status: Dell Hybrid Client (dhc)
Vendor: CVE Published:; 30 April 2021

Summary

A missing authentication vulnerability in Dell Hybrid Client prior to version 1.5 enables local unauthenticated attackers to exploit critical functions, leading to unauthorized root access on affected systems. This risk underscores the importance of keeping software updated to mitigate exposure to local attack vectors.

Affected Version(s)

Dell Hybrid Client (DHC) < 1.5

References

https://www.dell.com/support/kbdoc/en-us/000184667/dsa-20...

x_refsource_MISC

CVSS V3.1

Score:

7.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 30, 2021
Vulnerability Reserved
Jan 4, 2021