
Dell Idrac9 Firmware vulnerabilities

21 known vulnerabilities affecting dell/idrac9_firmware.

Total CVEs: 21
CISA KEV: 0
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 5, HIGH 5, MEDIUM 10, LOW 1

Vulnerabilities

Page 1 of 2
CVE-2021-21538 | P2 | CRITICAL | CVSS 10.0 | Exploited | ≥ 4.40.00.00, < 4.40.10.00 | 2021-07-29
[CRITICAL] (CWE-287) Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the virtual console.
Source: NVD

CVE-2019-3706 | P2 | CRITICAL | CVSS 9.8 | v3.20.21.20 | v3.21.24.22 | +1 more | 2019-04-26
[CRITICAL] Dell EMC iDRAC9 versions prior to 3.24.24.24, 3.21.26.22, 3.22.22.22 and 3.21.25.22 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted data to the iDRAC web interface.
Source: NVD

CVE-2019-3707 | P2 | CRITICAL | CVSS 9.8 | fixed in 3.30.30.30 | 2019-04-26
[CRITICAL] Dell EMC iDRAC9 versions prior to 3.30.30.30 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted input data to the WS-MAN interface.
Source: NVD

CVE-2019-3705 | P2 | CRITICAL | CVSS 9.8 | fixed in 3.20.21.20 | 2019-04-26
[CRITICAL] (CWE-120) Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the s
Source: NVD

CVE-2020-5344 | P2 | CRITICAL | CVSS 9.8 | fixed in 4.00.00.00 | 2020-03-31
[CRITICAL] (CWE-121) Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data.
Source: NVD

CVE-2018-1244 | P3 | HIGH | CVSS 8.8 | fixed in 3.21.21.21 | 2018-07-02
[HIGH] (CWE-77) Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. A remote authenticated malicious iDRAC user with configuration privileges could potentially exploit this vulnerability to execute arbitrary commands on the iDRAC where SNMP alerting is enabled.
Source: NVD

CVE-2018-15774 | P3 | HIGH | CVSS 8.8 | fixed in 3.20.21.20 | ≥ 3.21.21.21, < 3.21.24.22 | 2018-12-13
[HIGH] (CWE-863) Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the Redfish interface to gain administrator access.
Source: NVD

CVE-2021-21540 | P3 | HIGH | CVSS 8.1 | fixed in 4.40.00.00 | 2021-04-30
[HIGH] (CWE-121) Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a stack-based overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to overwrite configuration information by injecting arbitrarily large payload.
Source: NVD

CVE-2018-1243 | P3 | HIGH | CVSS 7.5 | fixed in 3.21.21.21 | 2018-07-02
[HIGH] (CWE-358) Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to perform bruteforce session guessing attacks.
Source: NVD

CVE-2020-5366 | P3 | MEDIUM | CVSS 6.5 | fixed in 4.20.20.20 | 2020-07-09
[MEDIUM] (CWE-22) Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability by manipulating input parameters to gain unauthorized read access to the arbitrary files.
Source: NVD

CVE-2021-21539 | P4 | HIGH | CVSS 7.1 | fixed in 4.40.00.00 | 2021-04-30
[HIGH] (CWE-367) Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to gain elevated privileges when a user with higher privileges is simultaneously accessing iDRAC through the web interface.
Source: NVD

CVE-2025-22397 | P4 | MEDIUM | CVSS 4.9 | ≥ 6.10.80.00, < 7.00.00.181 | ≥ 7.00.00.183, < 7.20.10.50 | 2025-11-06
[MEDIUM] (CWE-22) Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions 6.10.80.00 through 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attack
Source: NVD

CVE-2018-1249 | P4 | MEDIUM | CVSS 5.9 | fixed in 3.21.21.21 | 2018-07-02
[MEDIUM] Dell EMC iDRAC9 versions prior to 3.21.21.21 did not enforce the use of TLS/SSL for a connection to iDRAC web server for certain URLs. A man-in-the-middle attacker could use this vulnerability to strip the SSL/TLS protection from a connection between a client and a server.
Source: NVD

CVE-2021-21541 | P4 | MEDIUM | CVSS 6.1 | fixed in 4.40.00.00 | 2021-04-30
[MEDIUM] (CWE-79) Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to DOM environment in the browser. The malicious code is then executed by the web browser
Source: NVD

CVE-2025-26482 | P4 | MEDIUM | CVSS 4.9 | fixed in 7.00.00.181 | fixed in 7.20.10.50 | 2025-09-25
[MEDIUM] (CWE-1258) Dell PowerEdge Server BIOS and Dell iDRAC9, all versions, contains an Information Disclosure vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure.
Source: NVD

CVE-2022-34435 | P4 | MEDIUM | CVSS 4.9 | fixed in 6.00.30.00 | 2023-01-18
[MEDIUM] (CWE-20) Dell iDRAC9 version 6.00.02.00 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update.
Source: NVD

CVE-2020-26198 | P4 | MEDIUM | CVSS 6.1 | ≤ 4.32.10.00 | v4.40.00.00 | 2020-12-16
[MEDIUM] (CWE-79) Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain a reflected cross-site scripting vulnerability in the iDRAC9 web application. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim's browser by tricking a victim in to following a specially crafted link.
Source: NVD

CVE-2021-21543 | P4 | MEDIUM | CVSS 4.8 | fixed in 4.40.00.00 | 2021-04-30
[MEDIUM] (CWE-79) Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected parameters. When victim users access the submitted data through their
Source: NVD

CVE-2021-21542 | P4 | MEDIUM | CVSS 4.8 | fixed in 4.40.00.00 | 2021-04-30
[MEDIUM] (CWE-79) Dell EMC iDRAC9 versions prior to 4.40.10.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected while generating a certificate. When victim users access the submitte
Source: NVD

CVE-2019-3764 | P4 | MEDIUM | CVSS 4.3 | fixed in 3.36.36.36 | 2019-11-07
[MEDIUM] (CWE-285) Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes.
Source: NVD