ID

VAR-202201-1369


CVE

CVE-2021-36348


TITLE

Injection vulnerability in iDRAC9

Trust: 0.8

sources: JVNDB: JVNDB-2021-018077

DESCRIPTION

iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to iDRAC. There is an injection vulnerability in iDRAC9. Information may be obtained and service operation may be interrupted (DoS). Dell EMC iDRAC is a hardware component from Dell located on the server motherboard, used by system administrators to update and manage Dell systems. Dell EMC iDRAC has a security vulnerability that could allow an unauthenticated remote attacker to deny access to the iDRAC web server.

Trust: 2.25

sources: NVD: CVE-2021-36348 // JVNDB: JVNDB-2021-018077 // CNVD: CNVD-2022-08181 // VULMON: CVE-2021-36348

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-08181

AFFECTED PRODUCTS

vendor: dell model: integrated dell remote access controller 9 scope: lt version: 5.00.20.00

Trust: 1.0

vendor: デル model: dell emc idrac9 scope: eq version: dell emc idrac9 firmware 5.00.20.00

Trust: 0.8

vendor: デル model: dell emc idrac9 scope: eq version: -

Trust: 0.8

vendor: dell model: emc idrac9 scope: lt version: 5.00.20.00

Trust: 0.6

sources: CNVD: CNVD-2022-08181 // JVNDB: JVNDB-2021-018077 // NVD: CVE-2021-36348

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-36348
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2021-36348
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-36348
value: HIGH

Trust: 0.8

CNVD: CNVD-2022-08181
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202201-1642
value: MEDIUM

Trust: 0.6

VULMON: CVE-2021-36348
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-36348
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-08181
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-36348
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2021-36348
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: LOW
exploitabilityScore: 1.6
impactScore: 4.2
version: 3.0

Trust: 1.0

NVD: CVE-2021-36348
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-08181 // VULMON: CVE-2021-36348 // JVNDB: JVNDB-2021-018077 // CNNVD: CNNVD-202201-1642 // NVD: CVE-2021-36348 // NVD: CVE-2021-36348

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.0

problemtype:CWE-74

Trust: 1.0

problemtype: injection (CWE-74) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2021-018077 // NVD: CVE-2021-36348

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202201-1642

TYPE

injection

Trust: 0.6

sources: CNNVD: CNNVD-202201-1642

PATCH

title: DSA-2021-259 url: https://www.dell.com/support/kbdoc/ja-jp/000194038/dsa-2021-259

Trust: 0.8

title: Patch for Unknown Vulnerability in Dell EMC iDRAC (CNVD-2022-08181) url: https://www.cnvd.org.cn/patchInfo/show/317076

Trust: 0.6

title: Dell Emc Idrac Repair measures for injecting vulnerabilities url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=180862

Trust: 0.6

title: - url: https://github.com/chnzzh/iDRAC-CVE-lib

Trust: 0.1

sources: CNVD: CNVD-2022-08181 // VULMON: CVE-2021-36348 // JVNDB: JVNDB-2021-018077 // CNNVD: CNNVD-202201-1642

EXTERNAL IDS

db: NVD id: CVE-2021-36348

Trust: 3.9

db: JVNDB id: JVNDB-2021-018077

Trust: 0.8

db: CNVD id: CNVD-2022-08181

Trust: 0.6

db: CNNVD id: CNNVD-202201-1642

Trust: 0.6

db: VULMON id: CVE-2021-36348

Trust: 0.1

sources: CNVD: CNVD-2022-08181 // VULMON: CVE-2021-36348 // JVNDB: JVNDB-2021-018077 // CNNVD: CNNVD-202201-1642 // NVD: CVE-2021-36348

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2021-36348

Trust: 2.0

url:https://www.dell.com/support/kbdoc/000194038

Trust: 1.7

url:https://vigilance.fr/vulnerability/dell-emc-idrac-three-vulnerabilities-37300

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/74.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/chnzzh/idrac-cve-lib

Trust: 0.1

sources: CNVD: CNVD-2022-08181 // VULMON: CVE-2021-36348 // JVNDB: JVNDB-2021-018077 // CNNVD: CNNVD-202201-1642 // NVD: CVE-2021-36348

SOURCES

db: CNVD id: CNVD-2022-08181
db: VULMON id: CVE-2021-36348
db: JVNDB id: JVNDB-2021-018077
db: CNNVD id: CNNVD-202201-1642
db: NVD id: CVE-2021-36348

LAST UPDATE DATE

2024-08-14T14:44:05.661000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2022-08181 date: 2022-02-02T00:00:00
db: VULMON id: CVE-2021-36348 date: 2022-01-31T00:00:00
db: JVNDB id: JVNDB-2021-018077 date: 2023-03-23T05:11:00
db: CNNVD id: CNNVD-202201-1642 date: 2022-03-05T00:00:00
db: NVD id: CVE-2021-36348 date: 2022-01-31T21:34:03.427

SOURCES RELEASE DATE

db: CNVD id: CNVD-2022-08181 date: 2022-02-02T00:00:00
db: VULMON id: CVE-2021-36348 date: 2022-01-25T00:00:00
db: JVNDB id: JVNDB-2021-018077 date: 2023-03-23T00:00:00
db: CNNVD id: CNNVD-202201-1642 date: 2022-01-19T00:00:00
db: NVD id: CVE-2021-36348 date: 2022-01-25T23:15:08.880