CVE-2021-21580

Dell EMC iDRAC8 versions prior to 2.80.80.80 & Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a Content spoofing / Text injection, where a malicious URL can inject text to present a customized message on the application that can phish users into believing that the message is legitimate.
Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
dellCNA
4.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
VendorProductVersion
dellemc_idrac8_firmware
𝑥
< 2.80.80.80
dellemc_idrac9_firmware
𝑥
< 5.00.00.00
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.dell.com/support/kbdoc/000189193
https://www.dell.com/support/kbdoc/000189193