CVE-2019-3764
published 2019-11-07
CVE-2019-3764: Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization…
Priority: P4 · 20 · medium · 4.3 CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.88% (54.6th percentile)
Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | idrac7_firmware | < 2.65.65.65 | 2.65.65.65 |
| dell | idrac8_firmware | < 2.70.70.70 | 2.70.70.70 |
| dell | idrac9_firmware | < 3.36.36.36 | 3.36.36.36 |
| dell | integrated_dell_remote_access_controller | >= unspecified < iDRAC7: 2.65.65.65, iDRAC8: 2.70.70.70, iDRAC9: 3.40.40.40 and 3.36.36.36 | iDRAC7: 2.65.65.65, iDRAC8: 2.70.70.70, iDRAC9: 3.40.40.40 and 3.36.36.36 |
| msrc | cm1_kernel_5.10.134.1-2_on_cbl_mariner_1.0 | — | — |
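CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
| nvd | v3.0 | 5.0 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| vendor_msrc | — | 5.5 | MEDIUM | — |
| vendor_redhat | — | 5.5 | MEDIUM | — |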
GHSA
GHSA-p6v4-55x8-jc35: Dell EMC iDRAC8 versions prior to 2
ghsa_unreviewed·2022-05-24
CVE-2019-3764 [MEDIUM] GHSA-p6v4-55x8-jc35: Dell EMC iDRAC8 versions prior to 2
Dell EMC iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes.
Microsoft
A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The hi
vendor_msrc·2022-08-09·CVSS 5.5
CVE-2021-3764 [MEDIUM] CWE-401 A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The hi
A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If
Red Hat
kernel: DoS in ccp_run_aes_gcm_cmd() function
vendor_redhat·2021-08-20·CVSS 5.5
CVE-2021-3764 [MEDIUM] CWE-401 kernel: DoS in ccp_run_aes_gcm_cmd() function
A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability.
Mitigation: Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installati
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.