ID

VAR-202104-0681


CVE

CVE-2021-21541


TITLE

Dell EMC iDRAC9 Cross-site scripting vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-2278

DESCRIPTION

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the DOM environment in the browser. The malicious code is then executed by the web browser in the context of the vulnerable web application. Dell EMC iDRAC9 is a set of system management solutions, including hardware and software, from Dell. It provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems.

Trust: 1.08

sources: NVD: CVE-2021-21541 // VULHUB: VHN-379945 // VULMON: CVE-2021-21541

AFFECTED PRODUCTS

vendor: dell, model: idrac9, scope: lt, version: 4.40.00.00

Trust: 1.0

sources: NVD: CVE-2021-21541

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-21541
value: MEDIUM

Trust: 1.0

security_alert@emc.com: CVE-2021-21541
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202104-2278
value: MEDIUM

Trust: 0.6

VULHUB: VHN-379945
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-21541
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2021-21541
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-379945
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2021-21541
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 2.0

sources: VULHUB: VHN-379945 // VULMON: CVE-2021-21541 // CNNVD: CNNVD-202104-2278 // NVD: CVE-2021-21541 // NVD: CVE-2021-21541

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.1

sources: VULHUB: VHN-379945 // NVD: CVE-2021-21541

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-2278

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202104-2278

PATCH

title: Dell EMC iDRAC9 Fixes for cross-site scripting vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=149943

Trust: 0.6

sources: CNNVD: CNNVD-202104-2278

EXTERNAL IDS

db: NVD, id: CVE-2021-21541

Trust: 1.8

db: CNNVD, id: CNNVD-202104-2278

Trust: 0.6

db: VULHUB, id: VHN-379945

Trust: 0.1

db: VULMON, id: CVE-2021-21541

Trust: 0.1

sources: VULHUB: VHN-379945 // VULMON: CVE-2021-21541 // CNNVD: CNNVD-202104-2278 // NVD: CVE-2021-21541

REFERENCES

url: https://www.dell.com/support/kbdoc/000185293

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2021-21541

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-379945 // VULMON: CVE-2021-21541 // CNNVD: CNNVD-202104-2278 // NVD: CVE-2021-21541

SOURCES

db: VULHUB, id: VHN-379945
db: VULMON, id: CVE-2021-21541
db: CNNVD, id: CNNVD-202104-2278
db: NVD, id: CVE-2021-21541

LAST UPDATE DATE

2024-08-14T14:31:45.510000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-379945, date: 2021-05-10T00:00:00
db: VULMON, id: CVE-2021-21541, date: 2021-05-10T00:00:00
db: CNNVD, id: CNNVD-202104-2278, date: 2021-05-11T00:00:00
db: NVD, id: CVE-2021-21541, date: 2021-05-10T17:06:02.647

SOURCES RELEASE DATE

db: VULHUB, id: VHN-379945, date: 2021-04-30T00:00:00
db: VULMON, id: CVE-2021-21541, date: 2021-04-30T00:00:00
db: CNNVD, id: CNNVD-202104-2278, date: 2021-04-30T00:00:00
db: NVD, id: CVE-2021-21541, date: 2021-04-30T21:15:08.780