Dell Integrated Dell Remote Access Controller vulnerabilities
26 known vulnerabilities affecting dell/integrated_dell_remote_access_controller.
Total CVEs: 26
CISA KEV: 0
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 2, HIGH 7, MEDIUM 16, LOW 1
Vulnerabilities
Page 1 of 2
CVE-2021-21538 | P2 | CRITICAL | CVSS 10.0 | Exploited | CWE-287 | ≥ unspecified, < 4.40.10.00 | 2021-07-29
Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the virtual console.
nvd
CVE-2021-36300 | P2 | HIGH | CVSS 8.2 | CWE-89 | ≥ unspecified, < 5.00.00.00 | 2021-11-23
iDRAC9 versions prior to 5.00.00.00 contain an improper input validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability by sending a specially crafted malicious request to crash the webserver or cause information disclosure.
nvd
CVE-2020-5344 | P2 | CRITICAL | CVSS 9.8 | CWE-121 | ≥ unspecified, < 2.65.65.65 | 2020-03-31
Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data.
nvd
CVE-2021-36299 | P3 | HIGH | CVSS 8.1 | CWE-89 | ≥ unspecified, < 5.00.00.00 | 2021-11-23
Dell iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.29.00 and 5.00.00.00 contain an SQL injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to the affected application.
nvd
CVE-2021-36301 | P3 | HIGH | CVSS 7.2 | CWE-121 | ≥ unspecified, < 4.40.40.00 | 2021-11-23
Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to version 2.80.80.80 contain a Stack Buffer Overflow in Racadm. An authenticated remote attacker may potentially exploit this vulnerability to control process execution and gain access to the underlying operating system.
nvd
CVE-2021-36347 | P3 | HIGH | CVSS 7.2 | CWE-121 | ≥ unspecified, < iDRAC8: 2.82.82.82, iDRAC9: 5.00.20.00 | 2022-01-25
iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges could potentially exploit this vulnerability to control process execution and gain access to the iDRAC operating system.
nvd
CVE-2021-21540 | P3 | HIGH | CVSS 8.1 | CWE-121 | ≥ unspecified, < 4.40.00.00 | 2021-04-30
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a stack-based overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to overwrite configuration information by injecting an arbitrarily large payload.
nvd
CVE-2021-36348 | P3 | HIGH | CVSS 8.1 | CWE-89 | ≥ unspecified, < 5.00.20.00 | 2022-01-25
iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to iDRAC.
nvd
CVE-2020-5366 | P3 | MEDIUM | CVSS 6.5 | CWE-22 | ≥ unspecified, < 4.20.20.20 | 2020-07-09
Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability by manipulating input parameters to gain unauthorized read access to arbitrary files.
nvd
CVE-2021-21539 | P4 | HIGH | CVSS 7.1 | CWE-367 | ≥ unspecified, < 4.40.00.00 | 2021-04-30
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to gain elevated privileges when a user with higher privileges is simultaneously accessing iDRAC through the web interface.
nvd
CVE-2021-36346 | P4 | MEDIUM | CVSS 5.3 | CWE-287 | ≥ unspecified, < 2.82.82.82 | 2022-01-25
Dell iDRAC 8 prior to version 2.82.82.82 contains a denial of service vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to deny access to the iDRAC webserver.
nvd
CVE-2021-21510 | P4 | MEDIUM | CVSS 6.1 | CWE-20 | ≥ unspecified, < 2.75.100.75 | 2021-03-08
Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web-cache or trigger redirections.
nvd
CVE-2026-26945 | P4 | MEDIUM | CVSS 5.3 | CWE-114 | fixed in 7.00.00.181 or later; fixed in 7.20.10.50 or later; +1 more | 2026-03-18
Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions prior to 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain a Process Control vulnerability. A high privileged attacker with adjacent network access could potentially exploit this vulnerabil
nvd
CVE-2021-21578 | P4 | MEDIUM | CVSS 6.1 | CWE-601 | ≥ unspecified, < 4.40.40.00 | 2021-08-03
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking victim users into clicking on maliciously crafted links.
nvd
CVE-2021-21579 | P4 | MEDIUM | CVSS 6.1 | CWE-601 | ≥ unspecified, < 4.40.40.00 | 2021-08-03
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking victim users into clicking on maliciously crafted links.
nvd
CVE-2026-26948 | P4 | MEDIUM | CVSS 4.9 | CWE-1258 | fixed in 7.00.00.174 or later; fixed in 7.10.90.00 or later | 2026-03-18
Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.174, 15G and 16G versions prior to 7.10.90.00, contain an Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclos
nvd
CVE-2021-21541 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ unspecified, < 4.40.00.00 | 2021-04-30
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the DOM environment in the browser. The malicious code is then executed by the web browser
nvd
CVE-2020-26198 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ unspecified, < 4.32.10.00 and 4.40.00.00 | 2020-12-16
Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain a reflected cross-site scripting vulnerability in the iDRAC9 web application. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim into following a specially crafted link.
nvd
CVE-2021-21577 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ unspecified, < 4.40.40.00 | 2021-08-03
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim into following a specially crafted link.
nvd
CVE-2021-21581 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ unspecified, < 5.00.00.00 | 2021-08-03
Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim into following a specially crafted link.
nvd