CVE-2021-36301

CVSS 5.9 MEDIUM | EPSS 27.7% | CWE-121
In short

Dell iDRAC management tools contain a buffer overflow flaw that allows an authenticated attacker to crash the service or execute malicious code on the server. This affects versions before iDRAC 9 4.40.40.00 and iDRAC 8 2.80.80.80.

Technical detail

A stack buffer overflow exists in the Racadm component of Dell iDRAC 9 and iDRAC 8 and is exploitable by an authenticated remote attacker. The vulnerability allows arbitrary code execution with the privileges of the affected process, potentially compromising the underlying host operating system. Exploitation requires valid credentials and network access to the iDRAC interface.

Summary generated and translated by AI from the official description.
Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to version 2.80.80.80 contain a Stack Buffer Overflow in Racadm. An authenticated remote attacker may potentially exploit this vulnerability to control process execution and gain access to the underlying operating system.
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
