Dell EMC iDRAC vulnerabilities
5 known vulnerabilities affecting dell_emc/idrac.
Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2019-3706 | P2 | CRITICAL | CVSS 9.8 | ≥ 3.24.24.24, < 3.24.24.24; ≥ 3.21.26.22, < 3.21.26.22; +2 more | 2019-04-26
Dell EMC iDRAC9 versions prior to 3.24.24.24, 3.21.26.22, 3.22.22.22 and 3.21.25.22 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted data to the iDRAC web interface.
nvd
CVE-2019-3707 | P2 | CRITICAL | CVSS 9.8 | ≥ 3.30.30.30, < 3.30.30.30 | 2019-04-26
Dell EMC iDRAC9 versions prior to 3.30.30.30 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted input data to the WS-MAN interface.
nvd
CVE-2019-3705 | P2 | CRITICAL | CVSS 9.8 | CWE-120 | ≥ 2.92, < 2.92; ≥ 2.61.60.60, < 2.61.60.60; +4 more | 2019-04-26
Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the s
nvd
CVE-2018-15774 | P3 | HIGH | CVSS 8.8 | CWE-863 | ≥ iDRAC7, < 2.61.60.60; ≥ iDRAC8, < 2.61.60.60; +2 more | 2018-12-13
Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the Redfish interface to gain administrator access.
nvd
CVE-2018-15776 | P4 | MEDIUM | CVSS 6.8 | ≥ iDRAC7, < 2.61.60.60; ≥ iDRAC8, < 2.61.60.60 | 2018-12-13
Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to get access to the u-boot shell.
nvd