CVE-2021-21544

EPSS 0.21%
Veröffentlicht 30.04.2021 21:15:08
Zuletzt bearbeitet 21.11.2024 05:48:33
Quelle security_alert@emc.com
CVE-Watchlists
Login
Unerledigt
Login

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to manipulate the username field under the comment section and set the value to any user.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dell ≫ Idrac9 Firmware Version < 4.40.00.00

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.21%	0.438

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	2.7	1.2	1.4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N
security_alert@emc.com	2.7	1.2	1.4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-602 Client-Side Enforcement of Server-Side Security

The product is composed of a server that relies on the client to implement a mechanism that is intended to protect the server.

https://www.dell.com/support/kbdoc/000185293

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-21544

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-21544

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-21544

EUVD