VYPR
Unrated severity · NVD Advisory · Published Jul 29, 2021 · Updated Sep 17, 2024

CVE-2021-21538

Description

Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the virtual console.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A remote unauthenticated attacker can gain access to the virtual console of Dell EMC iDRAC9 versions 4.40.00.00 up to (but not including) 4.40.10.00 due to an improper authentication vulnerability.

Vulnerability

An improper authentication vulnerability exists in Dell EMC iDRAC9 firmware versions 4.40.00.00 and later, but prior to 4.40.10.00. The iDRAC9 remote management controller fails to properly verify the identity of a user before granting access to the virtual console interface. This flaw allows an unauthenticated attacker to bypass authentication checks and directly connect to the virtual console without valid credentials [1].

Exploitation

A remote unauthenticated attacker can exploit this vulnerability by sending specially crafted network requests to the iDRAC9 management interface. No prior authentication or network position beyond reachability to the iDRAC9 device is required. The attacker does not need any user interaction or special privileges on the target system [1].

Impact

Successful exploitation grants the attacker full interactive access to the host server's virtual console. This provides the ability to view the console output, send keystrokes, and potentially execute arbitrary commands on the managed server, effectively gaining control over the operating system and all data accessible through the console session. The confidentiality, integrity, and availability of the managed system are all compromised [1].

Mitigation

Dell has released iDRAC9 firmware version 4.40.10.00 to fix this vulnerability. Users should update their iDRAC9 firmware to 4.40.10.00 or later as soon as possible. The update can be downloaded from the Dell Support site. No workaround is available for affected versions [1].
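
The affected range stated above, turned into an inventory check. This is an added example, not code from Dell or from this page; the CSV layout, the host names and the sample firmware values are constructed for illustration, and versions are assumed to be four dotted numeric fields as written in the advisory.

```python
import csv
import io

# Range from the advisory: 4.40.00.00 <= version < 4.40.10.00
FIRST_AFFECTED = (4, 40, 0, 0)
FIRST_FIXED = (4, 40, 10, 0)

def parse_version(text):
    """Parse a four-part dotted firmware version into a tuple of ints.

    Returns None for anything else, so unreadable inventory entries are
    reported for follow-up instead of being silently treated as safe.
    """
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)  # "00" and "0" compare equal

def classify(text):
    version = parse_version(text)
    if version is None:
        return "unknown"
    if FIRST_AFFECTED <= version < FIRST_FIXED:
        return "affected"
    return "not affected"

def triage(inventory_csv):
    """Group hosts from a host,firmware CSV by their status for this CVE."""
    results = {"affected": [], "unknown": [], "not affected": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        results[classify(row.get("firmware") or "")].append(row["host"])
    return results

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = """host,firmware
idrac-r640-01,4.40.00.00
idrac-r740-02,4.40.10.00
idrac-r640-03,4.22.00.53
idrac-r740-04,4.40.0.0
idrac-r650-05,
idrac-r750-06,5.00.10.20
"""

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as "unknown" have a missing or malformed version string and need a manual check before they can be ruled out.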

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

References

1
