CVE-2021-36301

moderate-risk
Published 2021-11-23

Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to version 2.80.80.80 contain a Stack Buffer Overflow in Racadm. An authenticated remote attacker may potentially exploit this vulnerability to control process execution and gain access to the underlying operating system.

Do I need to act?

!
14.5% chance of exploitation in next 30 days
EPSS score — higher than 86% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.9/10 Medium
NETWORK / HIGH complexity

Affected Products (2)

Emc Idrac9 Firmware

Affected Vendors

Dell

References (2)

Patch https://support.emc.com/kb/000191229
Patch https://support.emc.com/kb/000191229
37
/ 100
moderate-risk
Severity 18/34 · Moderate
Exploitability 12/34 · Low
Exposure 7/34 · Low