#VU66164 Stack-based buffer overflow in iDRAC9 and iDRAC8


Vulnerability identifier: #VU66164

Vulnerability risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-36347

CWE-ID: CWE-121

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
iDRAC9
Web applications / Remote management & hosting panels
iDRAC8
Web applications / Remote management & hosting panels

Vendor:

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. An authenticated remote user with high privileges can exploit this vulnerability to control process execution and gain access to the iDRAC operating system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions


External links
http://www.dell.com/support/kbdoc/000194038


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability