Improper Input Validation in iDRAC9 by Dell Technologies
CVE-2021-36300

6.5MEDIUM

Key Information:

Vendor: Dell
Status: Integrated Dell Remote Access Controller (idrac)
Vendor: CVE Published:; 23 November 2021

Summary

iDRAC9 versions before 5.00.00.00 are susceptible to an improper input validation vulnerability. This flaw allows unauthenticated remote attackers to exploit the system by sending specially crafted requests. Such exploitation could lead to the crashing of the webserver or, even more critically, the potential for information disclosure.

Affected Version(s)

Integrated Dell Remote Access Controller (iDRAC) < 5.00.00.00

References

https://support.emc.com/kb/000191229

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 23, 2021
Vulnerability Reserved
Jul 8, 2021