Dell iDRAC Multiple Vulnerabilities (DSA-2021-073)

High | Nessus Plugin ID 148956

Synopsis

The remote host is affected by multiple vulnerabilities.

Description

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple vulnerabilities:

- A Time-of-check Time-of-use (TOCTOU) race condition vulnerability. A remote authenticated attacker may potentially exploit this vulnerability to gain elevated privileges when a user with higher privileges is simultaneously accessing iDRAC through the web interface. (CVE-2021-21539)

- A stack-based overflow vulnerability. A remote authenticated attacker may potentially exploit this vulnerability to overwrite configuration information by injecting an arbitrarily large payload. (CVE-2021-21540)

- A DOM-based cross-site scripting vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the DOM environment in the browser. The malicious code is then executed by the web browser in the context of the vulnerable web application. (CVE-2021-21541)

- Multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges may potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected parameters. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. (CVE-2021-21543)

- An improper authentication vulnerability. A remote authenticated malicious user with high privileges may potentially exploit this vulnerability to manipulate the username field under the comment section and set the value to any user. (CVE-2021-21544)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the remote host to iDRAC9 firmware 4.40.00.00 or later.

See Also

http://www.nessus.org/u?d3c31d3d

Plugin Details

Severity: High

ID: 148956

File Name: drac_dsa-2021-073.nasl

Version: 1.5

Type: remote

Family: CGI abuses

Published: 4/23/2021

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS Score Source: CVE-2021-21540

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/h:dell:idrac9

Required KB Items: installed_sw/iDRAC

Exploit Ease: No known exploits are available

Patch Publication Date: 4/14/2020

Vulnerability Publication Date: 4/14/2020

Reference Information

CVE: CVE-2021-21539, CVE-2021-21540, CVE-2021-21541, CVE-2021-21543, CVE-2021-21544

IAVA: 2021-A-0186