CVE-2021-36348 MEDIUM

CVE-2021-36348

Vendor Dell
Product Integrated Dell Remote Access Controller (iDRAC)
Weakness CWE-89 · SQLi
Published January 25, 2022
Last update September 17, 2024

CVSS base score

5.9/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L

What the vulnerability does

01Description

iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to iDRAC.

Key dates

02Disclosure timeline

January 25, 2022 CVE published
September 17, 2024 Record updated