Vulnerability Details CVE-2021-21539
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to gain elevated privileges when a user with higher privileges is simultaneously accessing iDRAC through the web interface.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.6%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 4.6
References
Products affected by CVE-2021-21539
-
cpe:2.3:o:dell:idrac9_firmware:3.00.00.00
-
cpe:2.3:o:dell:idrac9_firmware:3.11.11.11
-
cpe:2.3:o:dell:idrac9_firmware:3.15.15.15
-
cpe:2.3:o:dell:idrac9_firmware:3.15.17.15
-
cpe:2.3:o:dell:idrac9_firmware:3.15.19.15
-
cpe:2.3:o:dell:idrac9_firmware:3.16.16.16
-
cpe:2.3:o:dell:idrac9_firmware:3.17.17.17
-
cpe:2.3:o:dell:idrac9_firmware:3.17.18.17
-
cpe:2.3:o:dell:idrac9_firmware:3.17.20.17
-
cpe:2.3:o:dell:idrac9_firmware:3.18.18.18
-
cpe:2.3:o:dell:idrac9_firmware:3.19.19.19
-
cpe:2.3:o:dell:idrac9_firmware:3.20.20.20
-
cpe:2.3:o:dell:idrac9_firmware:3.20.21.20
-
cpe:2.3:o:dell:idrac9_firmware:3.21.21.21
-
cpe:2.3:o:dell:idrac9_firmware:3.21.21.22
-
cpe:2.3:o:dell:idrac9_firmware:3.21.23.22
-
cpe:2.3:o:dell:idrac9_firmware:3.21.24.22
-
cpe:2.3:o:dell:idrac9_firmware:3.21.25.22
-
cpe:2.3:o:dell:idrac9_firmware:3.21.26.22
-
cpe:2.3:o:dell:idrac9_firmware:3.22.22.22
-
cpe:2.3:o:dell:idrac9_firmware:3.23.23.23
-
cpe:2.3:o:dell:idrac9_firmware:3.24.24.24
-
cpe:2.3:o:dell:idrac9_firmware:3.30.30.30
-
cpe:2.3:o:dell:idrac9_firmware:3.31.31.31
-
cpe:2.3:o:dell:idrac9_firmware:3.32.32.32
-
cpe:2.3:o:dell:idrac9_firmware:3.34.34.34
-
cpe:2.3:o:dell:idrac9_firmware:3.36.36.36
-
cpe:2.3:o:dell:idrac9_firmware:3.40.40.40
-
cpe:2.3:o:dell:idrac9_firmware:3.42.42.42
-
cpe:2.3:o:dell:idrac9_firmware:4.00.00.00
-
cpe:2.3:o:dell:idrac9_firmware:4.20.20.20