cbcvebase.
CVE-2021-36347
published 2022-01-25

CVE-2021-36347: iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote…

PriorityP348high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
2.40%
81.9th percentile
iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges could potentially exploit this vulnerability to control process execution and gain access to the iDRAC operating system.

Affected

3 ranges
VendorProductVersion rangeFixed in
dellintegrated_dell_remote_access_controller>= unspecified < iDRAC8: 2.82.82.82, iDRAC9: 5.00.20.00iDRAC8: 2.82.82.82, iDRAC9: 5.00.20.00
dellintegrated_dell_remote_access_controller_8_firmware< 2.82.82.822.82.82.82
dellintegrated_dell_remote_access_controller_9_firmware< 5.00.20.005.00.20.00

CVSS provenance

nvdv3.17.2HIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvdv3.06.2MEDIUMCVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.