CVE-2021-21510

MEDIUM

Dell iDRAC8 < 2.75.100.75 - Unauthenticated Host Header Injection

Title source: llm

Description

Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web-cache or trigger redirections.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.dell.com/support/kbdoc/en-us/000183758/dsa-2021-041-dell-emc-idrac-8-security-update-for-a-host-header-injection-vulnerability

Scores

CVSS v3 6.1

EPSS 0.0081

EPSS Percentile 74.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-74 CWE-20

Status published

Products (1)

dell/idrac8_firmware < 2.75.100.75

Published Mar 08, 2021

Tracked Since Feb 18, 2026