Race Condition Vulnerability in Dell EMC iDRAC9
CVE-2021-21539

5.9MEDIUM

Key Information:

Vendor: Dell
Status: Integrated Dell Remote Access Controller (idrac)
Vendor: CVE Published:; 30 April 2021

What is CVE-2021-21539?

Dell EMC iDRAC9 versions prior to 4.40.00.00 are susceptible to a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. This issue arises when a remote authenticated attacker exploits the timing discrepancies during simultaneous access to iDRAC via the web interface by a user with elevated privileges. If successful, the attacker could gain unauthorized access and potentially execute malicious actions that threaten the security of the system.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Integrated Dell Remote Access Controller (iDRAC) < 4.40.00.00

References

https://www.dell.com/support/kbdoc/000185293

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 30, 2021
Vulnerability Reserved
Jan 4, 2021

JSON

Dell