Article Number: 000194038
Medium
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
| CVE-2021-36347 | Dell EMC iDRAC9 versions before 5.00.20.00 and iDRAC8 versions before 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges may potentially exploit this vulnerability to control process execution and gain access to the iDRAC operating system. | 6.2 | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L |
| CVE-2021-36348 | Dell EMC iDRAC9 versions before 5.00.20.00 contain an input injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to iDRAC. | 5.9 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L |
| CVE-2021-36346 | Dell EMC iDRAC8 versions before 2.82.82.82 contain a denial of service vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to deny access to the iDRAC webserver. | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| Third-party Component | CVE | More information |
| OpenSSL | CVE-2021-3712 | See NVD (https://nvd.nist.gov/vuln/detail/CVE-2021-3712) for individual scores for each CVE. |
| CVEs Addressed | Product | Affected Versions | Updated Versions | Link to Update |
| CVE-2021-36347 | Dell EMC iDRAC8 | Versions before 2.82.82.82. | 2.82.82.82 | https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=wgnhp |
| CVE-2021-36347 | Dell EMC iDRAC9 | Versions before 5.00.20.00. | 5.00.20.00 | https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=19c2m |
| CVE-2021-36348 | Dell EMC iDRAC9 | Versions before 5.00.20.00. | 5.00.20.00 | https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=19c2m |
| CVE-2021-36346 | Dell EMC iDRAC8 | Versions before 2.82.82.82. | 2.82.82.82 | https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=wgnhp |
| CVE-2021-3712 | Dell EMC iDRAC8 | Versions before 2.82.82.82. | 2.82.82.82 | https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=wgnhp |
| CVE-2021-3712 | Dell EMC iDRAC9 | Versions before 5.10.00.00. | 5.10.00.00 | https://www.dell.com/support/home/drivers/driversdetails?driverid=p8hc9 |
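The following is an added example, not Dell code: a triage helper that checks iDRAC firmware versions from an inventory against the fixed versions in the table above and reports the open CVEs plus the firmware version that clears all of them. The hostnames and inventory versions are constructed for illustration; the thresholds are the ones listed in this advisory.

```python
# Added example, not Dell code. Thresholds are copied from the advisory tables.
FIXES = [  # (product, CVE, first fixed firmware version)
    ("iDRAC8", "CVE-2021-36347", "2.82.82.82"),
    ("iDRAC9", "CVE-2021-36347", "5.00.20.00"),
    ("iDRAC9", "CVE-2021-36348", "5.00.20.00"),
    ("iDRAC8", "CVE-2021-36346", "2.82.82.82"),
    ("iDRAC8", "CVE-2021-3712", "2.82.82.82"),
    ("iDRAC9", "CVE-2021-3712", "5.10.00.00"),
]

def parse_version(text):
    """Turn 'a.b.c.d' into a tuple of ints; reject anything else."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"unexpected firmware version: {text!r}")
    return tuple(int(p) for p in parts)

def triage(product, firmware):
    """Return (open CVEs, firmware version that clears all of them or None)."""
    if product not in {p for p, _, _ in FIXES}:
        raise ValueError(f"product not covered by this advisory: {product!r}")
    current = parse_version(firmware)
    open_rows = [(cve, fixed) for prod, cve, fixed in FIXES
                 if prod == product and current < parse_version(fixed)]
    cves = sorted(cve for cve, _ in open_rows)
    target = max((fixed for _, fixed in open_rows), key=parse_version, default=None)
    return cves, target

def report(inventory):
    """Map hostname -> triage result; unparsable entries are flagged, not skipped."""
    out = {}
    for host, product, firmware in inventory:
        try:
            out[host] = triage(product, firmware)
        except ValueError as exc:
            out[host] = (["UNKNOWN"], str(exc))
    return out

INVENTORY = [  # constructed sample: hostnames and versions are made up
    ("bmc-r730-01", "iDRAC8", "2.81.81.81"),
    ("bmc-r740-01", "iDRAC9", "4.40.10.00"),
    ("bmc-r740-02", "iDRAC9", "5.00.20.00"),
    ("bmc-r740-03", "iDRAC9", "5.10.00.00"),
    ("bmc-r640-09", "iDRAC9", "n/a"),
]

if __name__ == "__main__":
    for host, (cves, target) in report(INVENTORY).items():
        print(host, cves or "patched", target or "")
```

An iDRAC9 already on 5.00.20.00 is still reported as open for CVE-2021-3712, because the table lists 5.10.00.00 as the fixed version for that CVE.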
CVE-2021-36346: Dell Technologies would like to thank Ken Pyle from CYBIR for reporting this issue.
| Revision | Date | Description |
| 1.0 | 2021-12-16 | Initial Release |
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
16 Dec 2021
2
Dell Security Advisory