Details of VAR-202103-0636

ID

VAR-202103-0636

CVE

CVE-2021-21510

TITLE

Dell iDRAC8 Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-004333

DESCRIPTION

Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web-cache or trigger redirections. Dell iDRAC8 Is vulnerable to injection.Information may be obtained and information may be tampered with. Dell iDRAC8 is an integrated Dell remote access controller that can help IT administrators deploy, update, monitor and maintain servers without installing any additional software. Dell iDRAC8 is a controller of Dell (Dell). Provides comprehensive, embedded management, and automation capabilities for the entire PowerEdge family of servers

Trust: 2.34

sources: NVD: CVE-2021-21510 // JVNDB: JVNDB-2021-004333 // CNVD: CNVD-2021-26351 // VULHUB: VHN-379914 // VULMON: CVE-2021-21510

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-26351

AFFECTED PRODUCTS

vendor:	dell	model:	idrac8	scope:	lt	version:	2.75.100.75	Trust: 1.6
vendor:	デル	model:	idrac8	scope:	eq	version:	idrac8 firmware 2.75.100.75	Trust: 0.8
vendor:	デル	model:	idrac8	scope:	eq	version:	-	Trust: 0.8

sources: CNVD: CNVD-2021-26351 // JVNDB: JVNDB-2021-004333 // NVD: CVE-2021-21510

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-21510
value:	MEDIUM
Trust: 1.0
security_alert@emc.com:	CVE-2021-21510
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-21510
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-26351
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202103-547
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-379914
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-21510
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-21510
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2021-26351
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-379914
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

security_alert@emc.com:	CVE-2021-21510
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2021-21510
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2021-26351 // VULHUB: VHN-379914 // VULMON: CVE-2021-21510 // JVNDB: JVNDB-2021-004333 // CNNVD: CNNVD-202103-547 // NVD: CVE-2021-21510 // NVD: CVE-2021-21510

PROBLEMTYPE DATA

problemtype:	CWE-74	Trust: 1.1
problemtype:	CWE-20	Trust: 1.0
problemtype:	injection (CWE-74) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-379914 // JVNDB: JVNDB-2021-004333 // NVD: CVE-2021-21510

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202103-547

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-202103-547

PATCH

title:	DSA-2021-041	url:	https://www.dell.com/support/kbdoc/en-us/000183758/dsa-2021-041-dell-emc-idrac-8-security-update-for-a-host-header-injection-vulnerability	Trust: 0.8
title:	Patch for Dell iDRAC8 host header injection vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/257166	Trust: 0.6
title:	Dell iDRAC8 Repair measures for injecting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=144154	Trust: 0.6
title:	-	url:	https://github.com/chnzzh/iDRAC-CVE-lib	Trust: 0.1

sources: CNVD: CNVD-2021-26351 // VULMON: CVE-2021-21510 // JVNDB: JVNDB-2021-004333 // CNNVD: CNNVD-202103-547

EXTERNAL IDS

db:	NVD	id:	CVE-2021-21510	Trust: 3.2
db:	JVNDB	id:	JVNDB-2021-004333	Trust: 0.8
db:	CNNVD	id:	CNNVD-202103-547	Trust: 0.7
db:	CNVD	id:	CNVD-2021-26351	Trust: 0.6
db:	VULHUB	id:	VHN-379914	Trust: 0.1
db:	VULMON	id:	CVE-2021-21510	Trust: 0.1

sources: CNVD: CNVD-2021-26351 // VULHUB: VHN-379914 // VULMON: CVE-2021-21510 // JVNDB: JVNDB-2021-004333 // CNNVD: CNNVD-202103-547 // NVD: CVE-2021-21510

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2021-21510	Trust: 2.0
url:	https://www.dell.com/support/kbdoc/en-us/000183758/dsa-2021-041-dell-emc-idrac-8-security-update-for-a-host-header-injection-vulnerability	Trust: 1.8
url:	https://cwe.mitre.org/data/definitions/74.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/chnzzh/idrac-cve-lib	Trust: 0.1

sources: CNVD: CNVD-2021-26351 // VULHUB: VHN-379914 // VULMON: CVE-2021-21510 // JVNDB: JVNDB-2021-004333 // CNNVD: CNNVD-202103-547 // NVD: CVE-2021-21510

SOURCES

db:	CNVD	id:	CNVD-2021-26351
db:	VULHUB	id:	VHN-379914
db:	VULMON	id:	CVE-2021-21510
db:	JVNDB	id:	JVNDB-2021-004333
db:	CNNVD	id:	CNNVD-202103-547
db:	NVD	id:	CVE-2021-21510

LAST UPDATE DATE

2024-11-23T22:29:17.942000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-26351	date:	2021-04-09T00:00:00
db:	VULHUB	id:	VHN-379914	date:	2022-10-24T00:00:00
db:	VULMON	id:	CVE-2021-21510	date:	2022-10-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-004333	date:	2021-11-18T08:49:00
db:	CNNVD	id:	CNNVD-202103-547	date:	2021-03-19T00:00:00
db:	NVD	id:	CVE-2021-21510	date:	2024-11-21T05:48:30.207

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-26351	date:	2021-04-09T00:00:00
db:	VULHUB	id:	VHN-379914	date:	2021-03-08T00:00:00
db:	VULMON	id:	CVE-2021-21510	date:	2021-03-08T00:00:00
db:	JVNDB	id:	JVNDB-2021-004333	date:	2021-11-18T00:00:00
db:	CNNVD	id:	CNNVD-202103-547	date:	2021-03-08T00:00:00
db:	NVD	id:	CVE-2021-21510	date:	2021-03-08T22:15:14.080