Stack-Based Buffer Overflow Vulnerability in iDRAC9 and iDRAC8 by Dell
CVE-2021-36347

6.2MEDIUM

Key Information:

Vendor: Dell
Status: Integrated Dell Remote Access Controller (idrac)
Vendor: CVE Published:; 25 January 2022

What is CVE-2021-36347?

Dell's iDRAC9 and iDRAC8 systems are susceptible to a stack-based buffer overflow vulnerability. This flaw allows an authenticated remote attacker with high privileges to exploit the vulnerability, potentially facilitating control over process execution and unauthorized access to the iDRAC operating system. Prompt updates to the latest versions are essential for mitigating this risk.

Affected Version(s)

Integrated Dell Remote Access Controller (iDRAC) < unspecified

References

https://www.dell.com/support/kbdoc/000194038

x_refsource_MISC

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 25, 2022
Vulnerability Reserved
Jul 8, 2021