CVE-2021-36347
Description
iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges could potentially exploit this vulnerability to control process execution and gain access to the iDRAC operating system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A stack-based buffer overflow in Dell iDRAC9 and iDRAC8 allows an authenticated, high-privilege remote attacker to execute code and gain OS access.
Vulnerability
Dell iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82.82.82 contain a stack-based buffer overflow vulnerability [1]. The issue resides in the iDRAC firmware and can be triggered by an authenticated remote attacker with high privileges.
Exploitation
An attacker must have network access to the iDRAC interface and authenticate with high-privilege credentials (e.g., administrator). No user interaction is required; the attacker can send crafted input to trigger the overflow [1].
Impact
Successful exploitation allows the attacker to control process execution and gain access to the iDRAC operating system, potentially compromising the confidentiality, integrity, and availability of the management controller [1].
Mitigation
Dell has released updates: iDRAC9 version 5.00.20.00 and iDRAC8 version 2.82.82.82. Users should apply these updates to remediate the vulnerability [1]. No workarounds are documented.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (3)
- Range: unspecified
Patches
No patches discovered yet.
References
[1] www.dell.com/support/kbdoc/000194038 (mitre, x_refsource_MISC)