Race Condition Vulnerability in Dell EMC iDRAC9
CVE-2021-21539
5.9 MEDIUM
Key Information:
- Vendor: Dell
- CVE Published: 30 April 2021
What is CVE-2021-21539?
Dell EMC iDRAC9 versions prior to 4.40.00.00 are susceptible to a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. The issue arises when a remote authenticated attacker exploits timing discrepancies while a user with elevated privileges is simultaneously accessing iDRAC via the web interface. If successful, the attacker could gain unauthorized access and potentially execute malicious actions that threaten the security of the system.
Affected Version(s)
Integrated Dell Remote Access Controller (iDRAC) < 4.40.00.00