Race Condition Vulnerability in Dell EMC iDRAC9
CVE-2021-21539
5.9 MEDIUM
Key Information:
- Vendor: Dell
- CVE Published: 30 April 2021
Summary
Dell EMC iDRAC9 versions prior to 4.40.00.00 are susceptible to a time-of-check to time-of-use (TOCTOU) race condition vulnerability. The issue arises when a remote authenticated attacker exploits timing discrepancies while a user with elevated privileges is simultaneously accessing iDRAC through the web interface. If successful, the attacker could gain unauthorized access and potentially execute malicious actions that threaten the security of the system.
Affected Version(s)
Integrated Dell Remote Access Controller (iDRAC) < 4.40.00.00
CVSS V3.1
- Score: 5.9
- Severity: MEDIUM
- Confidentiality: Low
- Integrity: High
- Availability: Low
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: Required
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved