CVE-2021-21535 HIGH

CVE-2021-21535

Vendor Dell
Product Dell Hybrid Client (DHC)
Weakness CWE-306 · Missing auth
Published April 30, 2021
Last update September 16, 2024

CVSS base score

7.4/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Dell Hybrid Client versions prior to 1.5 contain a missing authentication for a critical function vulnerability. A local unauthenticated attacker may exploit this vulnerability in order to gain root level access to the system.

Key dates

02Disclosure timeline

April 30, 2021 CVE published
September 16, 2024 Record updated