Input Injection Vulnerability in iDRAC9 by Dell
CVE-2021-36348

5.9MEDIUM

Key Information:

Vendor: Dell
Status: Integrated Dell Remote Access Controller (idrac)
Vendor: CVE Published:; 25 January 2022

What is CVE-2021-36348?

iDRAC9 versions prior to 5.00.20.00 are vulnerable to an input injection flaw. This vulnerability could be exploited by a remote authenticated malicious user with limited access privileges, potentially leading to information disclosure or denial of service. By supplying specially crafted input data, the attacker could manipulate the iDRAC9 functionality to perform unauthorized actions.

Affected Version(s)

Integrated Dell Remote Access Controller (iDRAC) < 5.00.20.00

References

https://www.dell.com/support/kbdoc/000194038

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 25, 2022
Vulnerability Reserved
Jul 8, 2021