CVE-2021-21513
In short
Dell EMC's server management software (OMSA 9.5 on Windows) has a flaw that lets attackers skip login and gain admin access without credentials. This is dangerous because it gives complete control of critical servers to anyone on the network.
Technical detail
CWE-287 authentication bypass in Dell EMC OMSA 9.5 when Distributed Web Server (DWS) is enabled on Windows. Remote unauthenticated attackers can bypass authentication mechanisms to obtain administrative privileges on affected systems, resulting in complete system compromise.
Summary generated and translated by AI from the official description.
Dell EMC OpenManage Server Administrator (OMSA) version 9.5 Microsoft Windows installations with Distributed Web Server (DWS) enabled configuration contains an authentication bypass vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain admin access on the affected system.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Affected products
Dell · Dell Open Manage Server Administrator