ID

VAR-202111-1457


CVE

CVE-2021-36299


TITLE

SQL injection vulnerability in Dell iDRAC9

Trust: 0.8

sources: JVNDB: JVNDB-2021-015447

DESCRIPTION

Dell iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.29.00 and 5.00.00.00 contain an SQL injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to the affected application. Dell iDRAC9 contains an SQL injection vulnerability. Information may be obtained, and the device may be put into a denial-of-service (DoS) state.

Trust: 1.8

sources: NVD: CVE-2021-36299 // JVNDB: JVNDB-2021-015447 // VULHUB: VHN-398183 // VULMON: CVE-2021-36299

AFFECTED PRODUCTS

vendor: dell, model: emc idrac9, scope: gte, version: 4.40.00.00

Trust: 1.0

vendor: dell, model: emc idrac9, scope: eq, version: 5.00.00.00

Trust: 1.0

vendor: dell, model: emc idrac9, scope: lt, version: 4.40.29.00

Trust: 1.0

vendor: Dell, model: idrac9, scope: eq, version: -

Trust: 0.8

vendor: Dell, model: idrac9, scope: eq, version: idrac9 firmware 4.40.00.00 or later and prior to 4.40.29.00

Trust: 0.8

vendor: Dell, model: idrac9, scope: eq, version: idrac9 firmware 5.00.00.00

Trust: 0.8

sources: JVNDB: JVNDB-2021-015447 // NVD: CVE-2021-36299

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-36299
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2021-36299
value: HIGH

Trust: 1.0

NVD: CVE-2021-36299
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202111-771
value: HIGH

Trust: 0.6

VULHUB: VHN-398183
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-36299
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-36299
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-398183
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-36299
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2021-36299
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 4.2
version: 3.1

Trust: 1.0

NVD: CVE-2021-36299
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-398183 // VULMON: CVE-2021-36299 // JVNDB: JVNDB-2021-015447 // CNNVD: CNNVD-202111-771 // NVD: CVE-2021-36299 // NVD: CVE-2021-36299

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.1

problemtype: SQL injection (CWE-89) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-398183 // JVNDB: JVNDB-2021-015447 // NVD: CVE-2021-36299

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-771

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-202111-771

PATCH

title: DSA-2021-177
url: https://www.dell.com/support/kbdoc/ja-jp/000191229/dsa-2021-177-dell-emc-idrac-security-update-for-multiple-security-vulnerabilities

Trust: 0.8

title: Dell EMC iDRAC9 SQL injection vulnerability repair measures
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=171228

Trust: 0.6

title: -
url: https://github.com/chnzzh/iDRAC-CVE-lib

Trust: 0.1

sources: VULMON: CVE-2021-36299 // JVNDB: JVNDB-2021-015447 // CNNVD: CNNVD-202111-771

EXTERNAL IDS

db: NVD, id: CVE-2021-36299

Trust: 3.4

db: JVNDB, id: JVNDB-2021-015447

Trust: 0.8

db: CNNVD, id: CNNVD-202111-771

Trust: 0.6

db: VULHUB, id: VHN-398183

Trust: 0.1

db: VULMON, id: CVE-2021-36299

Trust: 0.1

sources: VULHUB: VHN-398183 // VULMON: CVE-2021-36299 // JVNDB: JVNDB-2021-015447 // CNNVD: CNNVD-202111-771 // NVD: CVE-2021-36299

REFERENCES

url:https://support.emc.com/kb/000191229

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-36299

Trust: 1.4

url:https://vigilance.fr/vulnerability/dell-emc-idrac-three-vulnerabilities-36830

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/89.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/chnzzh/idrac-cve-lib

Trust: 0.1

sources: VULHUB: VHN-398183 // VULMON: CVE-2021-36299 // JVNDB: JVNDB-2021-015447 // CNNVD: CNNVD-202111-771 // NVD: CVE-2021-36299

SOURCES

db: VULHUB, id: VHN-398183
db: VULMON, id: CVE-2021-36299
db: JVNDB, id: JVNDB-2021-015447
db: CNNVD, id: CNNVD-202111-771
db: NVD, id: CVE-2021-36299

LAST UPDATE DATE

2024-08-14T14:44:13.429000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-398183, date: 2021-11-27T00:00:00
db: VULMON, id: CVE-2021-36299, date: 2021-11-27T00:00:00
db: JVNDB, id: JVNDB-2021-015447, date: 2022-11-21T07:10:00
db: CNNVD, id: CNNVD-202111-771, date: 2021-12-07T00:00:00
db: NVD, id: CVE-2021-36299, date: 2021-11-27T03:49:03.110

SOURCES RELEASE DATE

db: VULHUB, id: VHN-398183, date: 2021-11-23T00:00:00
db: VULMON, id: CVE-2021-36299, date: 2021-11-23T00:00:00
db: JVNDB, id: JVNDB-2021-015447, date: 2022-11-21T00:00:00
db: CNNVD, id: CNNVD-202111-771, date: 2021-11-09T00:00:00
db: NVD, id: CVE-2021-36299, date: 2021-11-23T20:15:10.793