Main Vulnerability Database Vulnerabilities #VU66218

#VU66218 Improper Authentication in iDRAC9 - CVE-2021-21544

Published: August 9, 2022

Vulnerability identifier: #VU66218

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-21544

CWE-ID: CWE-287

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
iDRAC9

Software vendor:
Dell

Description

The vulnerability allows a remote user to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests. A remote user with high privileges can exploit this vulnerability to manipulate the username field under the comment section and set the value to any user.

Remediation

Install updates from vendor's website.

External links

https://www.dell.com/support/kbdoc/000185293

#VU66218 Improper Authentication in iDRAC9 - CVE-2021-21544

Description

Remediation

External links

Please verify you're human