Dell EMC iDRAC9 vulnerabilities
2 known vulnerabilities affecting dell_emc/idrac9.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2018-1244 | P3 | HIGH | CVSS 8.8 | CWE-77 | ≥ unspecified, < 3.21.21.21 | 2018-07-02
Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. A remote authenticated malicious iDRAC user with configuration privileges could potentially exploit this vulnerability to execute arbitrary commands on the iDRAC where SNMP alerting is enabled.
nvd
CVE-2018-1249 | P4 | MEDIUM | CVSS 5.9 | ≥ unspecified, < 3.21.21.21 | 2018-07-02
Dell EMC iDRAC9 versions prior to 3.21.21.21 did not enforce the use of TLS/SSL for a connection to iDRAC web server for certain URLs. A man-in-the-middle attacker could use this vulnerability to strip the SSL/TLS protection from a connection between a client and a server.
nvd