ID

VAR-202104-0682


CVE

CVE-2021-21542


TITLE

Dell EMC iDRAC9 Cross-site scripting vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-2306

DESCRIPTION

Dell EMC iDRAC9 versions prior to 4.40.10.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected while generating a certificate. When victim users access the submitted data through their browsers, the malicious code is executed by the web browser in the context of the vulnerable application. Dell EMC iDRAC9 is a system management solution from Dell that includes hardware and software. It provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems.

Trust: 1.08

sources: NVD: CVE-2021-21542 // VULHUB: VHN-379946 // VULMON: CVE-2021-21542

AFFECTED PRODUCTS

vendor: dell, model: idrac9, scope: lt, version: 4.40.00.00

Trust: 1.0

sources: NVD: CVE-2021-21542

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-21542
value: MEDIUM

Trust: 1.0

security_alert@emc.com: CVE-2021-21542
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202104-2306
value: MEDIUM

Trust: 0.6

VULHUB: VHN-379946
value: LOW

Trust: 0.1

VULMON: CVE-2021-21542
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-21542
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-379946
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-21542
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.7
impactScore: 2.7
version: 3.1

Trust: 2.0

sources: VULHUB: VHN-379946 // VULMON: CVE-2021-21542 // CNNVD: CNNVD-202104-2306 // NVD: CVE-2021-21542 // NVD: CVE-2021-21542

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.1

sources: VULHUB: VHN-379946 // NVD: CVE-2021-21542

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-2306

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202104-2306

PATCH

title: Dell EMC iDRAC9 Fixes for cross-site scripting vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=149952

Trust: 0.6

sources: CNNVD: CNNVD-202104-2306

EXTERNAL IDS

db: NVD, id: CVE-2021-21542

Trust: 1.8

db: CNNVD, id: CNNVD-202104-2306

Trust: 0.6

db: VULHUB, id: VHN-379946

Trust: 0.1

db: VULMON, id: CVE-2021-21542

Trust: 0.1

sources: VULHUB: VHN-379946 // VULMON: CVE-2021-21542 // CNNVD: CNNVD-202104-2306 // NVD: CVE-2021-21542

REFERENCES

url: https://www.dell.com/support/kbdoc/000185293

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2021-21542

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-379946 // VULMON: CVE-2021-21542 // CNNVD: CNNVD-202104-2306 // NVD: CVE-2021-21542

SOURCES

db: VULHUB, id: VHN-379946
db: VULMON, id: CVE-2021-21542
db: CNNVD, id: CNNVD-202104-2306
db: NVD, id: CVE-2021-21542

LAST UPDATE DATE

2024-08-14T14:03:15.099000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-379946, date: 2021-05-10T00:00:00
db: VULMON, id: CVE-2021-21542, date: 2021-05-10T00:00:00
db: CNNVD, id: CNNVD-202104-2306, date: 2021-05-11T00:00:00
db: NVD, id: CVE-2021-21542, date: 2021-05-10T17:44:01.483

SOURCES RELEASE DATE

db: VULHUB, id: VHN-379946, date: 2021-04-30T00:00:00
db: VULMON, id: CVE-2021-21542, date: 2021-04-30T00:00:00
db: CNNVD, id: CNNVD-202104-2306, date: 2021-04-30T00:00:00
db: NVD, id: CVE-2021-21542, date: 2021-04-30T21:15:08.820