CVE-2021-21585 CRITICAL

CVE-2021-21585

Vendor Dell
Product Dell OpenManage Enterprise
Published August 9, 2021
Last update September 16, 2024

CVSS base score

9.1/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Dell OpenManage Enterprise versions prior to 3.6.1 contain an OS command injection vulnerability in RACADM and IPMI tools. A remote authenticated malicious user with high privileges may potentially exploit this vulnerability to execute arbitrary OS commands.

Key dates

02Disclosure timeline

August 9, 2021 CVE published
September 16, 2024 Record updated