Details of VAR-202201-1368

ID

VAR-202201-1368

CVE

CVE-2021-36346

TITLE

Dell iDRAC8 Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-018079

DESCRIPTION

Dell iDRAC 8 prior to version 2.82.82.82 contain a denial of service vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to deny access to the iDRAC webserver. Dell iDRAC8 Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Dell EMC iDRAC is a kind of hardware located on the server motherboard from Dell (Dell). For system administrators to update and manage Dell systems. A denial-of-service vulnerability in Dell EMC iDRAC stems from improper handling of input error messages, which could be exploited by a remote, high-privileged attacker to control process execution and gain access to the iDRAC operating system

Trust: 2.25

sources: NVD: CVE-2021-36346 // JVNDB: JVNDB-2021-018079 // CNVD: CNVD-2022-08034 // VULMON: CVE-2021-36346

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-08034

AFFECTED PRODUCTS

vendor:	dell	model:	integrated dell remote access controller 8	scope:	lt	version:	2.82.82.82	Trust: 1.0
vendor:	デル	model:	dell emc idrac8	scope:	eq	version:	dell emc idrac8 firmware 2.82.82.82	Trust: 0.8
vendor:	デル	model:	dell emc idrac8	scope:	eq	version:	-	Trust: 0.8
vendor:	dell	model:	emc idrac	scope:	lt	version:	2.82.82.82	Trust: 0.6

sources: CNVD: CNVD-2022-08034 // JVNDB: JVNDB-2021-018079 // NVD: CVE-2021-36346

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-36346
value:	MEDIUM
Trust: 1.0
security_alert@emc.com:	CVE-2021-36346
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-36346
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2022-08034
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202201-1645
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-36346
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-36346
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2022-08034
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

security_alert@emc.com:	CVE-2021-36346
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2021-36346
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2022-08034 // VULMON: CVE-2021-36346 // JVNDB: JVNDB-2021-018079 // CNNVD: CNNVD-202201-1645 // NVD: CVE-2021-36346 // NVD: CVE-2021-36346

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-287	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-018079 // NVD: CVE-2021-36346

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202201-1645

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202201-1645

PATCH

title:	DSA-2021-259	url:	https://www.dell.com/support/kbdoc/ja-jp/000194038/dsa-2021-259	Trust: 0.8
title:	Patch for Dell EMC iDRAC Denial of Service Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/316781	Trust: 0.6
title:	Dell EMC iDRAC Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=183080	Trust: 0.6
title:	-	url:	https://github.com/chnzzh/iDRAC-CVE-lib	Trust: 0.1

sources: CNVD: CNVD-2022-08034 // VULMON: CVE-2021-36346 // JVNDB: JVNDB-2021-018079 // CNNVD: CNNVD-202201-1645

EXTERNAL IDS

db:	NVD	id:	CVE-2021-36346	Trust: 3.9
db:	JVNDB	id:	JVNDB-2021-018079	Trust: 0.8
db:	CNVD	id:	CNVD-2022-08034	Trust: 0.6
db:	CNNVD	id:	CNNVD-202201-1645	Trust: 0.6
db:	VULMON	id:	CVE-2021-36346	Trust: 0.1

sources: CNVD: CNVD-2022-08034 // VULMON: CVE-2021-36346 // JVNDB: JVNDB-2021-018079 // CNNVD: CNNVD-202201-1645 // NVD: CVE-2021-36346

REFERENCES

url:	https://www.dell.com/support/kbdoc/en-us/000194038/dsa-2021-259	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-36346	Trust: 1.4
url:	https://vigilance.fr/vulnerability/dell-emc-idrac-three-vulnerabilities-37300	Trust: 1.2
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/chnzzh/idrac-cve-lib	Trust: 0.1

sources: CNVD: CNVD-2022-08034 // VULMON: CVE-2021-36346 // JVNDB: JVNDB-2021-018079 // CNNVD: CNNVD-202201-1645 // NVD: CVE-2021-36346

SOURCES

db:	CNVD	id:	CNVD-2022-08034
db:	VULMON	id:	CVE-2021-36346
db:	JVNDB	id:	JVNDB-2021-018079
db:	CNNVD	id:	CNNVD-202201-1645
db:	NVD	id:	CVE-2021-36346

LAST UPDATE DATE

2024-08-14T14:55:38.350000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-08034	date:	2022-02-01T00:00:00
db:	VULMON	id:	CVE-2021-36346	date:	2022-01-31T00:00:00
db:	JVNDB	id:	JVNDB-2021-018079	date:	2023-03-23T05:16:00
db:	CNNVD	id:	CNNVD-202201-1645	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2021-36346	date:	2022-01-31T21:38:16.307

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-08034	date:	2022-01-30T00:00:00
db:	VULMON	id:	CVE-2021-36346	date:	2022-01-25T00:00:00
db:	JVNDB	id:	JVNDB-2021-018079	date:	2023-03-23T00:00:00
db:	CNNVD	id:	CNNVD-202201-1645	date:	2022-01-19T00:00:00
db:	NVD	id:	CVE-2021-36346	date:	2022-01-25T23:15:08.773