CVE-2021-36347

HIGH

iDRAC9 <5.00.20.00 - iDRAC8 <2.82.82.82 - Buffer Overflow

Title source: llm

Description

iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges could potentially exploit this vulnerability to control process execution and gain access to the iDRAC operating system.

References (1)

Core References
Vendor Advisory x_refsource_misc
https://www.dell.com/support/kbdoc/000194038

Scores

CVSS v3 7.2
EPSS 0.0374
EPSS Percentile 88.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-121 CWE-787
Status published
Products (2)
dell/integrated_dell_remote_access_controller_8_firmware < 2.82.82.82
dell/integrated_dell_remote_access_controller_9_firmware < 5.00.20.00
Published Jan 25, 2022
Tracked Since Feb 18, 2026