CVE-2021-36299 — HIGH (7.1)

Q: How severe is CVE-2021-36299?

CVE-2021-36299 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-36299?

Check the references section above for vendor advisories and patch information. Affected products include: Dell Emc Idrac9 Firmware.

Vulnerability Description

Dell iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.29.00 and 5.00.00.00 contain an SQL injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to the affected application.

CVSS Score

7.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Dell	Emc Idrac9 Firmware	>= 4.40.00.00, < 4.40.29.00

Related Weaknesses (CWE)

CWE-89

References

https://support.emc.com/kb/000191229PatchVendor Advisory
https://support.emc.com/kb/000191229PatchVendor Advisory

FAQ

What is CVE-2021-36299?

CVE-2021-36299 is a vulnerability with a CVSS score of 7.1 (HIGH). Dell iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.29.00 and 5.00.00.00 contain an SQL injection vulnerability. A remote authenticated malicious user with low privileges may potentially expl...

How severe is CVE-2021-36299?

CVE-2021-36299 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-36299?

Check the references section above for vendor advisories and patch information. Affected products include: Dell Emc Idrac9 Firmware.