CVE-2021-36300

CVSS 6.5 MEDIUM | EPSS 33.3% | CWE-89

In short

iDRAC9 (Dell's remote management tool) versions before 5.00.00.00 don't properly validate user input, allowing an attacker to crash the web server or leak sensitive information without needing to log in.

Technical detail

An improper input validation vulnerability (CWE-89) in iDRAC9 allows unauthenticated remote attackers to send crafted requests to the web interface, potentially causing denial of service via webserver crash or triggering information disclosure. No authentication is required to trigger the vulnerability.

Summary generated and translated by AI from the official description.

iDRAC9 versions prior to 5.00.00.00 contain an improper input validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability by sending a specially crafted malicious request to crash the webserver or cause information disclosure.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L
