Rewterz Threat Alert – APT SideWinder – Active IOCs
June 16, 2021Rewterz Threat Alert – SNAKE Ransomware – Active IOCs
June 16, 2021Rewterz Threat Alert – APT SideWinder – Active IOCs
June 16, 2021Rewterz Threat Alert – SNAKE Ransomware – Active IOCs
June 16, 2021Severity
Medium
Analysis Summary
CVE-2021-21539
A remote authenticated attacker could potentially exploit this vulnerability to gain elevated privileges when a user with higher privileges is simultaneously accessing iDRAC through the web interface.
CVE-2021-21540
A remote authenticated attacker could potentially exploit this vulnerability to overwrite configuration information by injecting arbitrarily large payload.
CVE-2021-21541
A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to DOM environment in the browser. The malicious code is then executed by the web browser in the context of the vulnerable web application.
CVE-2021-21542
A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected while generating a certificate. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.
CVE-2021-21543
A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected parameters. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application.
CVE-2021-21544
A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to manipulate the username field under the comment section and set the value to any user.
Impact
- Unauthorized Access
- Information Theft
- Privilege Escalation
- Code Execution
Affected Vendors
Dell
Affected Products
- Dell ECS Appliancce Hardware Gen3 EX300
- Dell ECS Appliance Hardware Gen3 EX500
- Dell ECS Appliance Hardware Gen3 EXF900
Remediation
For the complete list of affected products and mitigation techniques refer to the vendor website at