CVE-2021-21505 HIGH

CVE-2021-21505

Vendor Dell
Product Dell EMC Integrated System for Microsoft Azure Stack Hub
Weakness CWE-255
Published May 6, 2021
Last update September 17, 2024

CVSS base score

8.0/10
Attack vector Adjacent
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 1906 – 2011, contain an undocumented default iDRAC account. A remote unauthenticated attacker, with the knowledge of the default credentials, could potentially exploit this to log in to the system to gain root privileges.

Key dates

02Disclosure timeline

May 6, 2021 CVE published
September 17, 2024 Record updated