CVE-2021-21544 Vulnerability Details

  /     /     /  

CVE-2021-21544 Metadata Quick Info

CVE Published: 30/04/2021 | CVE Updated: 17/09/2024 | CVE Year: 2021
Source: dell | Vendor: Dell | Product: Integrated Dell Remote Access Controller (iDRAC)
Status : PUBLISHED

CVE-2021-21544 Description

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to manipulate the username field under the comment section and set the value to any user.

Metrics

CVSS Version: 3.1 | Base Score: 2.7 LOW
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* HIGH
    User Interaction (UI)* NONE
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* NONE
    Integrity Impact (I)* LOW
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-602
CWE Name: CWE-602: Client-Side Enforcement of Server-Side Security
Source: Dell

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).