Vulnerabilities > CVE-2021-21505 - Insecure Default Initialization of Resource vulnerability in Dell EMC Integrated System for Microsoft Azure Stack HUB Firmware 1906/2011

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
dell
CWE-1188
critical

Summary

Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 1906 – 2011, contain an undocumented default iDRAC account. A remote unauthenticated attacker, with the knowledge of the default credentials, could potentially exploit this to log in to the system to gain root privileges.