CVE-2021-36347

{"id": "CVE-2021-36347", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "security_alert@emc.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.2, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 0.7}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2022-01-25T23:15:08.827", "references": [{"url": "https://www.dell.com/support/kbdoc/000194038", "tags": ["Vendor Advisory"], "source": "security_alert@emc.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "security_alert@emc.com", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges could potentially exploit this vulnerability to control process execution and gain access to the iDRAC operating system."}, {"lang": "es", "value": "iDRAC9 versiones anteriores a la 5.00.20.00 y iDRAC8 versiones anteriores a la 2.82.82.82 contienen una vulnerabilidad de desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria. Un atacante remoto autenticado con altos privilegios podr\u00eda explotar esta vulnerabilidad para controlar la ejecuci\u00f3n de procesos y conseguir acceso al sistema operativo de iDRAC"}], "lastModified": "2022-01-31T21:34:35.680", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:integrated_dell_remote_access_controller_8_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5092F28-65C0-4994-9F57-896D69D4F3B8", "versionEndExcluding": "2.82.82.82"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:integrated_dell_remote_access_controller_8:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CE47DA2F-7C56-4CCB-B4E5-CA3E3998CCB1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dell:integrated_dell_remote_access_controller_9_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F025291F-3C39-444C-9241-D713BA582FB7", "versionEndExcluding": "5.00.20.00"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dell:integrated_dell_remote_access_controller_9:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2F4D77E0-99D1-49BC-B873-82DFF508E20D"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security_alert@emc.com"}