Improper Authentication in Dell EMC iDRAC9 Remote Management
CVE-2021-21544

2.7LOW

Key Information:

Vendor: Dell
Status: Integrated Dell Remote Access Controller (idrac)
Vendor: CVE Published:; 30 April 2021

What is CVE-2021-21544?

The Dell EMC iDRAC9 contains a vulnerability in its remote management system, where improper authentication allows a malicious user with elevated privileges to manipulate the username field in the comment section. This exploitation could lead to unauthorized alterations, raising serious security concerns for system integrity.

Affected Version(s)

Integrated Dell Remote Access Controller (iDRAC) < 4.40.00.00

References

https://www.dell.com/support/kbdoc/000185293

x_refsource_MISC

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2021
Vulnerability Reserved
Jan 4, 2021