ID

VAR-202104-0684


CVE

CVE-2021-21544


TITLE

Dell EMC iDRAC9 Authorization problem vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-2304

DESCRIPTION

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to manipulate the username field under the comment section and set the value to any user. Dell EMC iDRAC9 is a set of system management solutions, including hardware and software, from Dell. It provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems.

Trust: 1.08

sources: NVD: CVE-2021-21544 // VULHUB: VHN-379948 // VULMON: CVE-2021-21544

AFFECTED PRODUCTS

vendor: dell, model: idrac9, scope: lt, version: 4.40.00.00

Trust: 1.0

sources: NVD: CVE-2021-21544

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-21544
value: LOW

Trust: 1.0

security_alert@emc.com: CVE-2021-21544
value: LOW

Trust: 1.0

CNNVD: CNNVD-202104-2304
value: LOW

Trust: 0.6

VULHUB: VHN-379948
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-21544
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2021-21544
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-379948
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2021-21544
baseSeverity: LOW
baseScore: 2.7
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 1.4
version: 3.1

Trust: 2.0

sources: VULHUB: VHN-379948 // VULMON: CVE-2021-21544 // CNNVD: CNNVD-202104-2304 // NVD: CVE-2021-21544 // NVD: CVE-2021-21544

PROBLEMTYPE DATA

problemtype: CWE-287

Trust: 1.1

problemtype: CWE-602

Trust: 1.0

sources: VULHUB: VHN-379948 // NVD: CVE-2021-21544

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-2304

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202104-2304

PATCH

title: Dell EMC iDRAC9 Security vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=149950

Trust: 0.6

title: CVE-numbers, url: https://github.com/kosmosec/CVE-numbers

Trust: 0.1

title: iDRAC-CVE-lib, url: https://github.com/chnzzh/iDRAC-CVE-lib

Trust: 0.1

sources: VULMON: CVE-2021-21544 // CNNVD: CNNVD-202104-2304

EXTERNAL IDS

db: NVD, id: CVE-2021-21544

Trust: 1.8

db: CNNVD, id: CNNVD-202104-2304

Trust: 0.6

db: VULHUB, id: VHN-379948

Trust: 0.1

db: VULMON, id: CVE-2021-21544

Trust: 0.1

sources: VULHUB: VHN-379948 // VULMON: CVE-2021-21544 // CNNVD: CNNVD-202104-2304 // NVD: CVE-2021-21544

REFERENCES

url: https://www.dell.com/support/kbdoc/000185293

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2021-21544

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/287.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://github.com/kosmosec/cve-numbers

Trust: 0.1

sources: VULHUB: VHN-379948 // VULMON: CVE-2021-21544 // CNNVD: CNNVD-202104-2304 // NVD: CVE-2021-21544

SOURCES

db: VULHUB, id: VHN-379948
db: VULMON, id: CVE-2021-21544
db: CNNVD, id: CNNVD-202104-2304
db: NVD, id: CVE-2021-21544

LAST UPDATE DATE

2024-08-14T14:18:32.457000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-379948, date: 2022-10-25T00:00:00
db: VULMON, id: CVE-2021-21544, date: 2022-10-25T00:00:00
db: CNNVD, id: CNNVD-202104-2304, date: 2022-10-26T00:00:00
db: NVD, id: CVE-2021-21544, date: 2022-10-25T19:14:50.563

SOURCES RELEASE DATE

db: VULHUB, id: VHN-379948, date: 2021-04-30T00:00:00
db: VULMON, id: CVE-2021-21544, date: 2021-04-30T00:00:00
db: CNNVD, id: CNNVD-202104-2304, date: 2021-04-30T00:00:00
db: NVD, id: CVE-2021-21544, date: 2021-04-30T21:15:08.900