CVE-2021-21539

Name of the Vulnerable Software and Affected Versions Dell EMC iDRAC9 versions prior to 4.40.00.00

Description The issue is related to a Time-of-check Time-of-use (TOCTOU) race condition. This could allow a remote authenticated attacker to gain elevated privileges when a user with higher privileges is simultaneously accessing iDRAC through the web interface.

Recommendations For versions prior to 4.40.00.00, update to version 4.40.00.00 or later to resolve the issue. As a temporary workaround, consider restricting simultaneous access to iDRAC through the web interface to minimize the risk of exploitation.