1. Home
  2. CVE Database
  3. CVE-2021-36348
HIGH · 8.1

CVE-2021-36348

iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information ...

Vulnerability Description

iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to iDRAC.

CVSS Score

8.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
DellIntegrated Dell Remote Access Controller 9 Firmware< 5.00.20.00
DellIntegrated Dell Remote Access Controller 9-

Related Weaknesses (CWE)

CWE-74CWE-89

References

FAQ

What is CVE-2021-36348?

CVE-2021-36348 is a vulnerability with a CVSS score of 8.1 (HIGH). iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information ...

How severe is CVE-2021-36348?

CVE-2021-36348 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-36348?

Check the references section above for vendor advisories and patch information. Affected products include: Dell Integrated Dell Remote Access Controller 9 Firmware, Dell Integrated Dell Remote Access Controller 9.