Main Vulnerability Database Vulnerabilities #VU66164

#VU66164 Stack-based buffer overflow in iDRAC9 and iDRAC8 - CVE-2021-36347

Published: August 8, 2022

Vulnerability identifier: #VU66164

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-36347

CWE-ID: CWE-121

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
iDRAC9
iDRAC8

Software vendor:
Dell

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. An authenticated remote user with high privileges can exploit this vulnerability to control process execution and gain access to the iDRAC operating system.

Remediation

Install updates from vendor's website.

External links

https://www.dell.com/support/kbdoc/000194038