Headline
CVE-2021-21510: DSA-2021-041: Dell iDRAC 8 Security Update for a host header injection vulnerability.
Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web-cache or trigger redirections.
Impact
Medium
Details
Proprietary Code CVE(s): CVE-2021-21510
Description: Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web-cache or trigger redirections.
CVSS Base Score: 6.1
CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Dell Technologies recommends that all customers take into account both the CVSS base score and any relevant temporal and environmental scores that may affect the potential severity of a particular security vulnerability.
Affected Products and Remediation
Product: iDRAC8
Affected Version(s): Versions prior to 2.75.100.75
Updated Version(s): Dell iDRAC8 2.75.100.75
CVE: CVE-2021-21510
Link to Update:
Customers can download software, including the latest release of iDRAC firmware, from the Dell Support site at https://www.dell.com/support/home/
Customers can find the iDRAC documentation from the Dell EMC Support site at www.dell.com/idracmanuals
Acknowledgements
CVE-2021-21510: Dell would like to thank Ken Pyle from CYBIR for reporting this vulnerability.
Revision History
Revision: 1.0
Date: 2021-03-04
Description: Initial Release
Related Information
Dell Security Advisories and Notices
Dell Vulnerability Response Policy
CVSS Scoring Guide
iDRAC8, iDRAC8 with Lifecycle Controller Version 2.12.12.12, iDRAC8 with Lifecycle Controller Version 2.14.14.12, iDRAC8 with Lifecycle Controller Version 2.17.17.13, iDRAC8 with Lifecycle Controller Version 2.18.17.13
23 Nov 2021