CVE-2021-21539

Description

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to gain elevated privileges when a user with higher privileges is simultaneously accessing iDRAC through the web interface.

Related CPEs


CvssV3 impact

Version: 3.1
BaseScore: 7.1
BaseSeverity: HIGH
VectorString: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
AttackVector: NETWORK
AttackComplexity: HIGH
PrivilegesRequired: LOW
UserInteraction: REQUIRED
Scope: UNCHANGED
ConfidentialityImpact: HIGH
IntegrityImpact: HIGH
AvailabilityImpact: HIGH

CvssV2 impact

Version: 2.0
BaseScore: 4.6
VectorString: AV:N/AC:H/Au:S/C:P/I:P/A:P
AccessVector: NETWORK
AccessComplexity: HIGH
Authentication: SINGLE
ConfidentialityImpact: PARTIAL
IntegrityImpact: PARTIAL
AvailabilityImpact: PARTIAL