CVE-2021-36347

7.2 HIGH

📋 TL;DR

This CVE describes a stack-based buffer overflow vulnerability in Dell iDRAC9 and iDRAC8 remote management controllers. An authenticated attacker with high privileges could exploit this to execute arbitrary code and gain access to the iDRAC operating system. This affects organizations using vulnerable iDRAC versions for server management.

💻 Affected Systems

Products:
  • Dell iDRAC9
  • Dell iDRAC8
Versions: iDRAC9 versions prior to 5.00.20.00, iDRAC8 versions prior to 2.82.82.82
Operating Systems: iDRAC firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access with high privileges (administrator-level credentials).

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of iDRAC system leading to persistent access, credential theft, and potential lateral movement to managed servers.

🟠

Likely Case

Attacker gains control of iDRAC management interface, enabling server manipulation, data exfiltration, or denial of service.

🟢

If Mitigated

Limited impact due to network segmentation and proper access controls preventing exploitation.

🌐 Internet-Facing: HIGH if iDRAC interfaces are exposed to internet without proper controls.
🏢 Internal Only: MEDIUM due to requiring authenticated high-privilege access, but still significant for internal attackers.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires authentication with high privileges and knowledge of buffer overflow exploitation techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iDRAC9 5.00.20.00 or later, iDRAC8 2.82.82.82 or later

Vendor Advisory: https://www.dell.com/support/kbdoc/000194038

Restart Required: Yes

Instructions:

1. Download the latest iDRAC firmware from Dell Support.
2. Log into the iDRAC web interface.
3. Navigate to Maintenance > System Update.
4. Upload and install the firmware update.
5. Reboot iDRAC after installation.

🔧 Temporary Workarounds

Restrict iDRAC Network Access (applies to: all)

Limit iDRAC management interface access to trusted networks only.

Implement Strong Authentication Controls (applies to: all)

Enforce multi-factor authentication and strong password policies for iDRAC accounts.

🧯 If You Can't Patch

  • Isolate iDRAC interfaces on separate VLAN with strict firewall rules
  • Implement network segmentation to prevent lateral movement from compromised iDRAC

🔍 How to Verify

Check if Vulnerable:

Check the iDRAC firmware version via the web interface or over SSH with `racadm getversion`.

Check Version:

racadm getversion | grep -i firmware

Verify Fix Applied:

Confirm the firmware version is iDRAC9 >= 5.00.20.00 or iDRAC8 >= 2.82.82.82.
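The version check above is easy to get wrong when comparing four-part firmware strings by hand (for example, `5.00.9.00` sorts after `5.00.20.00` as text but is older). The following is an added example, not Dell's tooling: it parses the `iDRAC Version` line that `racadm getversion` prints (the sample output below is constructed, and the exact line layout is an assumption), compares the version numerically against the fixed releases named in this advisory, and infers the iDRAC generation from the major version number (assumption: iDRAC8 firmware is 2.x, iDRAC9 firmware is 3.x or later). The `racadm -r/-u/-p` remote invocation is only run when the script is executed directly.

```python
"""Check an iDRAC firmware version against the CVE-2021-36347 fixed releases.

Added example (not Dell code). Thresholds come from the advisory text:
  iDRAC9 fixed in 5.00.20.00, iDRAC8 fixed in 2.82.82.82.
"""
import re
import subprocess
from typing import Optional, Tuple

# Fixed versions from the advisory, as comparable integer tuples.
FIXED = {
    "iDRAC9": (5, 0, 20, 0),
    "iDRAC8": (2, 82, 82, 82),
}

# Constructed sample of `racadm getversion` output (layout is an assumption).
SAMPLE_OUTPUT = """\
Bios Version                 = 2.12.2
iDRAC Version                = 4.40.40.00
Lifecycle Controller Version = 4.40.40.00
"""

VERSION_LINE = re.compile(r"^\s*iDRAC Version\s*=\s*([\d.]+)\s*$", re.MULTILINE | re.IGNORECASE)


def parse_version(version: str) -> Tuple[int, int, int, int]:
    """Turn '5.00.20.00' into (5, 0, 20, 0); shorter strings are right-padded with zeros."""
    parts = [int(p) for p in version.strip().split(".") if p != ""]
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"unexpected version string: {version!r}")
    parts += [0] * (4 - len(parts))
    return tuple(parts)  # type: ignore[return-value]


def generation(version: Tuple[int, ...]) -> Optional[str]:
    """Assumption: iDRAC8 firmware is 2.x, iDRAC9 firmware is 3.x or newer."""
    if version[0] == 2:
        return "iDRAC8"
    if version[0] >= 3:
        return "iDRAC9"
    return None


def extract_idrac_version(getversion_output: str) -> Optional[str]:
    """Pull the firmware version string out of racadm getversion text."""
    match = VERSION_LINE.search(getversion_output)
    return match.group(1) if match else None


def is_vulnerable(version: str) -> Optional[bool]:
    """True if the version is older than the fixed release for its generation.

    Returns None when the generation cannot be inferred from the version.
    """
    parsed = parse_version(version)
    gen = generation(parsed)
    if gen is None:
        return None
    return parsed < FIXED[gen]


def run_racadm_getversion(host: Optional[str] = None, user: str = "", password: str = "") -> str:
    """Run racadm locally, or remotely with -r/-u/-p, and return its stdout."""
    cmd = ["racadm"]
    if host:
        cmd += ["-r", host, "-u", user, "-p", password]
    cmd.append("getversion")
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    # Offline demonstration on the constructed sample; swap in run_racadm_getversion() for a real check.
    found = extract_idrac_version(SAMPLE_OUTPUT)
    print(f"iDRAC version: {found}  vulnerable: {is_vulnerable(found) if found else 'unknown'}")
```

For fleet-wide checks, loop `run_racadm_getversion()` over your iDRAC inventory and feed each result to `extract_idrac_version()` and `is_vulnerable()`; a `None` result means the version string did not match the assumed generation mapping and should be reviewed by hand.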

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authentication attempts followed by successful admin login
  • Unusual firmware update or configuration change activities

Network Indicators:

  • Unexpected outbound connections from iDRAC interfaces
  • Traffic patterns suggesting buffer overflow attempts

SIEM Query:

source="idrac*" AND ((event_type="authentication" AND result="success" AND user="admin") OR event_type="firmware_update")
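The first log indicator above (a burst of failed logins followed by a successful privileged login) needs ordering and time-window logic that a single SIEM search expression does not capture well. The following is an added example, not part of this advisory or of any Dell product: it runs that correlation, plus a simple firmware-update alert, over constructed log lines. The `key=value` line layout, the hostnames, users and addresses are all constructed for the demonstration; real iDRAC syslog output will need its own parser.

```python
"""Correlate iDRAC authentication and firmware-update events (added example, not Dell code)."""
import re
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Constructed sample log (field layout is an assumption, not real iDRAC syslog format).
SAMPLE_LOG = """\
2021-10-04T10:00:01Z idrac-r740-01 event=authentication result=failure user=root src=10.1.5.23
2021-10-04T10:00:07Z idrac-r740-01 event=authentication result=failure user=root src=10.1.5.23
2021-10-04T10:00:15Z idrac-r740-01 event=authentication result=failure user=root src=10.1.5.23
2021-10-04T10:00:40Z idrac-r740-01 event=authentication result=success user=root src=10.1.5.23
2021-10-04T10:03:12Z idrac-r740-01 event=firmware_update result=started user=root src=10.1.5.23
2021-10-04T11:30:00Z idrac-r740-02 event=authentication result=success user=opsadmin src=10.1.9.8
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<kv>.*)$")


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Parse one constructed log line into a dict; returns None for lines that do not match."""
    match = LINE_RE.match(line.strip())
    if not match:
        return None
    record: Dict[str, object] = {
        "ts": datetime.strptime(match["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "host": match["host"],
    }
    for token in match["kv"].split():
        key, _, value = token.partition("=")
        record[key] = value
    return record


def detect(log_text: str, fail_threshold: int = 3, window: timedelta = timedelta(minutes=5)) -> List[Dict[str, object]]:
    """Return alerts for (a) >= fail_threshold failures then a success within `window`
    for the same host/user/source, and (b) any firmware_update event."""
    alerts: List[Dict[str, object]] = []
    failures: Dict[tuple, List[datetime]] = {}  # (host, user, src) -> failure timestamps

    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        key = (rec["host"], rec.get("user"), rec.get("src"))
        event = rec.get("event")

        if event == "authentication":
            if rec.get("result") == "failure":
                failures.setdefault(key, []).append(rec["ts"])  # type: ignore[arg-type]
            elif rec.get("result") == "success":
                recent = [t for t in failures.get(key, []) if rec["ts"] - t <= window]  # type: ignore[operator]
                if len(recent) >= fail_threshold:
                    alerts.append({
                        "rule": "brute_force_then_success",
                        "host": rec["host"], "user": rec.get("user"), "src": rec.get("src"),
                        "failures": len(recent), "ts": rec["ts"],
                    })
                failures.pop(key, None)  # a success resets the failure run
        elif event == "firmware_update":
            alerts.append({
                "rule": "firmware_update",
                "host": rec["host"], "user": rec.get("user"), "src": rec.get("src"),
                "result": rec.get("result"), "ts": rec["ts"],
            })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Tune `fail_threshold` and `window` to your environment; the firmware-update rule fires on every such event because, for a device in this state, any update outside a change window deserves a look.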
