Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for iDRAC by Dell EMC

    CVE-2019-3707 (GCVE-0-2019-3707)

    Vulnerability from nvd – Published: 2019-04-26 18:22 – Updated: 2024-09-16 18:09
    VLAI
    Title
    WS-MAN Authentication Bypass Vulnerability
    Summary
    Dell EMC iDRAC9 versions prior to 3.30.30.30 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted input data to the WS-MAN interface.
    CWE
    • WS-MAN Authentication Bypass Vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell EMC iDRAC Affected: 3.30.30.30 , < 3.30.30.30 (custom)
    Create a notification for this product.
    Date Public
    2019-04-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:19:17.547Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iDRAC",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "lessThan": "3.30.30.30",
                  "status": "affected",
                  "version": "3.30.30.30",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-04-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC iDRAC9 versions prior to 3.30.30.30 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted input data to the WS-MAN interface."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "WS-MAN Authentication Bypass Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-26T18:22:09.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "WS-MAN Authentication Bypass Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.6"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2019-04-25T23:00:00.000Z",
              "ID": "CVE-2019-3707",
              "STATE": "PUBLIC",
              "TITLE": "WS-MAN Authentication Bypass Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iDRAC",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "3.30.30.30",
                                "version_value": "3.30.30.30"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC iDRAC9 versions prior to 3.30.30.30 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted input data to the WS-MAN interface."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.6"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "WS-MAN Authentication Bypass Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en",
                  "refsource": "MISC",
                  "url": "https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2019-3707",
        "datePublished": "2019-04-26T18:22:09.049Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:09:07.804Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3706 (GCVE-0-2019-3706)

    Vulnerability from nvd – Published: 2019-04-26 18:22 – Updated: 2024-09-17 00:26
    VLAI
    Title
    Web Interface Authentication Bypass Vulnerability
    Summary
    Dell EMC iDRAC9 versions prior to 3.24.24.24, 3.21.26.22, 3.22.22.22 and 3.21.25.22 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted data to the iDRAC web interface.
    CWE
    • Web Interface Authentication Bypass Vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell EMC iDRAC Affected: 3.24.24.24 , < 3.24.24.24 (custom)
    Affected: 3.21.26.22 , < 3.21.26.22 (custom)
    Affected: 3.22.22.22 , < 3.22.22.22 (custom)
    Affected: 3.21.25.22 , < 3.21.25.22 (custom)
    Create a notification for this product.
    Date Public
    2019-04-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:19:17.489Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iDRAC",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "lessThan": "3.24.24.24",
                  "status": "affected",
                  "version": "3.24.24.24",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.21.26.22",
                  "status": "affected",
                  "version": "3.21.26.22",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.22.22.22",
                  "status": "affected",
                  "version": "3.22.22.22",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.21.25.22",
                  "status": "affected",
                  "version": "3.21.25.22",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-04-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC iDRAC9 versions prior to 3.24.24.24, 3.21.26.22, 3.22.22.22 and 3.21.25.22 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted data to the iDRAC web interface."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Web Interface Authentication Bypass Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-26T18:22:09.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Web Interface Authentication Bypass Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.6"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2019-04-25T23:00:00.000Z",
              "ID": "CVE-2019-3706",
              "STATE": "PUBLIC",
              "TITLE": "Web Interface Authentication Bypass Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iDRAC",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "3.24.24.24",
                                "version_value": "3.24.24.24"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "3.21.26.22",
                                "version_value": "3.21.26.22"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "3.22.22.22",
                                "version_value": "3.22.22.22"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "3.21.25.22",
                                "version_value": "3.21.25.22"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC iDRAC9 versions prior to 3.24.24.24, 3.21.26.22, 3.22.22.22 and 3.21.25.22 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted data to the iDRAC web interface."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.6"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Web Interface Authentication Bypass Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en",
                  "refsource": "MISC",
                  "url": "https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2019-3706",
        "datePublished": "2019-04-26T18:22:09.012Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:26:34.078Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3705 (GCVE-0-2019-3705)

    Vulnerability from nvd – Published: 2019-04-26 18:22 – Updated: 2024-09-16 23:25
    VLAI
    Title
    Buffer Overflow Vulnerability
    Summary
    Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the system with privileges of the webserver by sending specially crafted input data to the affected system.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell EMC iDRAC Affected: 2.92 , < 2.92 (custom)
    Affected: 2.61.60.60 , < 2.61.60.60 (custom)
    Affected: 3.20.21.20 , < 3.20.21.20 (custom)
    Affected: 3.21.24.22 , < 3.21.24.22 (custom)
    Affected: 3.23.23.23 , < 3.23.23.23 (custom)
    Affected: 3.21.26.22 , < 3.21.26.22 (custom)
    Create a notification for this product.
    Date Public
    2019-04-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:19:17.425Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iDRAC",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "lessThan": "2.92",
                  "status": "affected",
                  "version": "2.92",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.61.60.60",
                  "status": "affected",
                  "version": "2.61.60.60",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.20.21.20",
                  "status": "affected",
                  "version": "3.20.21.20",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.21.24.22",
                  "status": "affected",
                  "version": "3.21.24.22",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.23.23.23",
                  "status": "affected",
                  "version": "3.23.23.23",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.21.26.22",
                  "status": "affected",
                  "version": "3.21.26.22",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-04-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the system with privileges of the webserver by sending specially crafted input data to the affected system."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-26T18:22:08.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Buffer Overflow Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.6"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2019-04-25T23:00:00.000Z",
              "ID": "CVE-2019-3705",
              "STATE": "PUBLIC",
              "TITLE": "Buffer Overflow Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iDRAC",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "2.92",
                                "version_value": "2.92"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "2.61.60.60",
                                "version_value": "2.61.60.60"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "3.20.21.20",
                                "version_value": "3.20.21.20"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "3.21.24.22",
                                "version_value": "3.21.24.22"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "3.23.23.23",
                                "version_value": "3.23.23.23"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "3.21.26.22",
                                "version_value": "3.21.26.22"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the system with privileges of the webserver by sending specially crafted input data to the affected system."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.6"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-120 Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en",
                  "refsource": "MISC",
                  "url": "https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2019-3705",
        "datePublished": "2019-04-26T18:22:08.963Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:25:37.495Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-15776 (GCVE-0-2018-15776)

    Vulnerability from nvd – Published: 2018-12-13 22:00 – Updated: 2024-09-16 22:56
    VLAI
    Title
    iDRAC7, iDRAC8 - Improper Error Handling
    Summary
    Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to get access to the u-boot shell.
    CWE
    • Improper Error Handling Vulnerability.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell EMC iDRAC Affected: iDRAC7 , < 2.61.60.60 (custom)
    Affected: iDRAC8 , < 2.61.60.60 (custom)
    Create a notification for this product.
    Date Public
    2018-12-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:01:54.552Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en"
              },
              {
                "name": "106233",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106233"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iDRAC",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "lessThan": "2.61.60.60",
                  "status": "affected",
                  "version": "iDRAC7",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.61.60.60",
                  "status": "affected",
                  "version": "iDRAC8",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-12-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to get access to the u-boot shell."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Error Handling Vulnerability.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-19T10:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en"
            },
            {
              "name": "106233",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106233"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "iDRAC7, iDRAC8 - Improper Error Handling",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-12-11T06:00:00.000Z",
              "ID": "CVE-2018-15776",
              "STATE": "PUBLIC",
              "TITLE": "iDRAC7, iDRAC8 - Improper Error Handling"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iDRAC",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "iDRAC7",
                                "version_value": "2.61.60.60"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "iDRAC8",
                                "version_value": "2.61.60.60"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to get access to the u-boot shell."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Error Handling Vulnerability."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en",
                  "refsource": "CONFIRM",
                  "url": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en"
                },
                {
                  "name": "106233",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106233"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-15776",
        "datePublished": "2018-12-13T22:00:00.000Z",
        "dateReserved": "2018-08-23T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:56:03.854Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-15774 (GCVE-0-2018-15774)

    Vulnerability from nvd – Published: 2018-12-13 22:00 – Updated: 2024-09-17 01:36
    VLAI
    Title
    iDRAC7/iDRAC8/iDRAC9 - Privilege Escalation Vulnerability
    Summary
    Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the Redfish interface to gain administrator access.
    CWE
    • Privilege escalation vulnerability.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell EMC iDRAC Affected: iDRAC7 , < 2.61.60.60 (custom)
    Affected: iDRAC8 , < 2.61.60.60 (custom)
    Affected: iDRAC9 , < 3.20.21.20 (custom)
    Affected: iDRAC9 , < 3.23.23.23 (custom)
    Create a notification for this product.
    Date Public
    2018-12-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:01:54.579Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en"
              },
              {
                "name": "106233",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106233"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iDRAC",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "lessThan": "2.61.60.60",
                  "status": "affected",
                  "version": "iDRAC7",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.61.60.60",
                  "status": "affected",
                  "version": "iDRAC8",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "3.21.24.22",
                      "status": "unaffected"
                    },
                    {
                      "at": "3.21.26.22",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "3.20.21.20",
                  "status": "affected",
                  "version": "iDRAC9",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.23.23.23",
                  "status": "affected",
                  "version": "iDRAC9",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-12-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the Redfish interface to gain administrator access."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege escalation vulnerability.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-19T10:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en"
            },
            {
              "name": "106233",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106233"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "iDRAC7/iDRAC8/iDRAC9 - Privilege Escalation Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-12-11T06:00:00.000Z",
              "ID": "CVE-2018-15774",
              "STATE": "PUBLIC",
              "TITLE": "iDRAC7/iDRAC8/iDRAC9 - Privilege Escalation Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iDRAC",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "iDRAC7",
                                "version_value": "2.61.60.60"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "iDRAC8",
                                "version_value": "2.61.60.60"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "iDRAC9",
                                "version_value": "3.20.21.20"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "iDRAC9",
                                "version_value": "3.21.24.22"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "iDRAC9",
                                "version_value": "3.21.26.22"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "iDRAC9",
                                "version_value": "3.23.23.23"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the Redfish interface to gain administrator access."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege escalation vulnerability."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en",
                  "refsource": "CONFIRM",
                  "url": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en"
                },
                {
                  "name": "106233",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106233"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-15774",
        "datePublished": "2018-12-13T22:00:00.000Z",
        "dateReserved": "2018-08-23T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:36:18.120Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3707 (GCVE-0-2019-3707)

    Vulnerability from cvelistv5 – Published: 2019-04-26 18:22 – Updated: 2024-09-16 18:09
    VLAI
    Title
    WS-MAN Authentication Bypass Vulnerability
    Summary
    Dell EMC iDRAC9 versions prior to 3.30.30.30 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted input data to the WS-MAN interface.
    CWE
    • WS-MAN Authentication Bypass Vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell EMC iDRAC Affected: 3.30.30.30 , < 3.30.30.30 (custom)
    Create a notification for this product.
    Date Public
    2019-04-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:19:17.547Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iDRAC",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "lessThan": "3.30.30.30",
                  "status": "affected",
                  "version": "3.30.30.30",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-04-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC iDRAC9 versions prior to 3.30.30.30 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted input data to the WS-MAN interface."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "WS-MAN Authentication Bypass Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-26T18:22:09.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "WS-MAN Authentication Bypass Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.6"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2019-04-25T23:00:00.000Z",
              "ID": "CVE-2019-3707",
              "STATE": "PUBLIC",
              "TITLE": "WS-MAN Authentication Bypass Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iDRAC",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "3.30.30.30",
                                "version_value": "3.30.30.30"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC iDRAC9 versions prior to 3.30.30.30 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted input data to the WS-MAN interface."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.6"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "WS-MAN Authentication Bypass Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en",
                  "refsource": "MISC",
                  "url": "https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2019-3707",
        "datePublished": "2019-04-26T18:22:09.049Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:09:07.804Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3706 (GCVE-0-2019-3706)

    Vulnerability from cvelistv5 – Published: 2019-04-26 18:22 – Updated: 2024-09-17 00:26
    VLAI
    Title
    Web Interface Authentication Bypass Vulnerability
    Summary
    Dell EMC iDRAC9 versions prior to 3.24.24.24, 3.21.26.22, 3.22.22.22 and 3.21.25.22 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted data to the iDRAC web interface.
    CWE
    • Web Interface Authentication Bypass Vulnerability
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell EMC iDRAC Affected: 3.24.24.24 , < 3.24.24.24 (custom)
    Affected: 3.21.26.22 , < 3.21.26.22 (custom)
    Affected: 3.22.22.22 , < 3.22.22.22 (custom)
    Affected: 3.21.25.22 , < 3.21.25.22 (custom)
    Create a notification for this product.
    Date Public
    2019-04-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:19:17.489Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iDRAC",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "lessThan": "3.24.24.24",
                  "status": "affected",
                  "version": "3.24.24.24",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.21.26.22",
                  "status": "affected",
                  "version": "3.21.26.22",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.22.22.22",
                  "status": "affected",
                  "version": "3.22.22.22",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.21.25.22",
                  "status": "affected",
                  "version": "3.21.25.22",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-04-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC iDRAC9 versions prior to 3.24.24.24, 3.21.26.22, 3.22.22.22 and 3.21.25.22 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted data to the iDRAC web interface."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Web Interface Authentication Bypass Vulnerability",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-26T18:22:09.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Web Interface Authentication Bypass Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.6"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2019-04-25T23:00:00.000Z",
              "ID": "CVE-2019-3706",
              "STATE": "PUBLIC",
              "TITLE": "Web Interface Authentication Bypass Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iDRAC",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "3.24.24.24",
                                "version_value": "3.24.24.24"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "3.21.26.22",
                                "version_value": "3.21.26.22"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "3.22.22.22",
                                "version_value": "3.22.22.22"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "3.21.25.22",
                                "version_value": "3.21.25.22"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC iDRAC9 versions prior to 3.24.24.24, 3.21.26.22, 3.22.22.22 and 3.21.25.22 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted data to the iDRAC web interface."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.6"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Web Interface Authentication Bypass Vulnerability"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en",
                  "refsource": "MISC",
                  "url": "https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2019-3706",
        "datePublished": "2019-04-26T18:22:09.012Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:26:34.078Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3705 (GCVE-0-2019-3705)

    Vulnerability from cvelistv5 – Published: 2019-04-26 18:22 – Updated: 2024-09-16 23:25
    VLAI
    Title
    Buffer Overflow Vulnerability
    Summary
    Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the system with privileges of the webserver by sending specially crafted input data to the affected system.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell EMC iDRAC Affected: 2.92 , < 2.92 (custom)
    Affected: 2.61.60.60 , < 2.61.60.60 (custom)
    Affected: 3.20.21.20 , < 3.20.21.20 (custom)
    Affected: 3.21.24.22 , < 3.21.24.22 (custom)
    Affected: 3.23.23.23 , < 3.23.23.23 (custom)
    Affected: 3.21.26.22 , < 3.21.26.22 (custom)
    Create a notification for this product.
    Date Public
    2019-04-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:19:17.425Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iDRAC",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "lessThan": "2.92",
                  "status": "affected",
                  "version": "2.92",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.61.60.60",
                  "status": "affected",
                  "version": "2.61.60.60",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.20.21.20",
                  "status": "affected",
                  "version": "3.20.21.20",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.21.24.22",
                  "status": "affected",
                  "version": "3.21.24.22",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.23.23.23",
                  "status": "affected",
                  "version": "3.23.23.23",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.21.26.22",
                  "status": "affected",
                  "version": "3.21.26.22",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-04-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the system with privileges of the webserver by sending specially crafted input data to the affected system."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-26T18:22:08.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Buffer Overflow Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.6"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2019-04-25T23:00:00.000Z",
              "ID": "CVE-2019-3705",
              "STATE": "PUBLIC",
              "TITLE": "Buffer Overflow Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iDRAC",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "2.92",
                                "version_value": "2.92"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "2.61.60.60",
                                "version_value": "2.61.60.60"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "3.20.21.20",
                                "version_value": "3.20.21.20"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "3.21.24.22",
                                "version_value": "3.21.24.22"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "3.23.23.23",
                                "version_value": "3.23.23.23"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "3.21.26.22",
                                "version_value": "3.21.26.22"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the system with privileges of the webserver by sending specially crafted input data to the affected system."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.6"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-120 Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en",
                  "refsource": "MISC",
                  "url": "https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2019-3705",
        "datePublished": "2019-04-26T18:22:08.963Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:25:37.495Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-15774 (GCVE-0-2018-15774)

    Vulnerability from cvelistv5 – Published: 2018-12-13 22:00 – Updated: 2024-09-17 01:36
    VLAI
    Title
    iDRAC7/iDRAC8/iDRAC9 - Privilege Escalation Vulnerability
    Summary
    Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the Redfish interface to gain administrator access.
    CWE
    • Privilege escalation vulnerability.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell EMC iDRAC Affected: iDRAC7 , < 2.61.60.60 (custom)
    Affected: iDRAC8 , < 2.61.60.60 (custom)
    Affected: iDRAC9 , < 3.20.21.20 (custom)
    Affected: iDRAC9 , < 3.23.23.23 (custom)
    Create a notification for this product.
    Date Public
    2018-12-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:01:54.579Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en"
              },
              {
                "name": "106233",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106233"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iDRAC",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "lessThan": "2.61.60.60",
                  "status": "affected",
                  "version": "iDRAC7",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.61.60.60",
                  "status": "affected",
                  "version": "iDRAC8",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "3.21.24.22",
                      "status": "unaffected"
                    },
                    {
                      "at": "3.21.26.22",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "3.20.21.20",
                  "status": "affected",
                  "version": "iDRAC9",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.23.23.23",
                  "status": "affected",
                  "version": "iDRAC9",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-12-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the Redfish interface to gain administrator access."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege escalation vulnerability.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-19T10:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en"
            },
            {
              "name": "106233",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106233"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "iDRAC7/iDRAC8/iDRAC9 - Privilege Escalation Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-12-11T06:00:00.000Z",
              "ID": "CVE-2018-15774",
              "STATE": "PUBLIC",
              "TITLE": "iDRAC7/iDRAC8/iDRAC9 - Privilege Escalation Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iDRAC",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "iDRAC7",
                                "version_value": "2.61.60.60"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "iDRAC8",
                                "version_value": "2.61.60.60"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "iDRAC9",
                                "version_value": "3.20.21.20"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "iDRAC9",
                                "version_value": "3.21.24.22"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "iDRAC9",
                                "version_value": "3.21.26.22"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "iDRAC9",
                                "version_value": "3.23.23.23"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the Redfish interface to gain administrator access."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege escalation vulnerability."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en",
                  "refsource": "CONFIRM",
                  "url": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en"
                },
                {
                  "name": "106233",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106233"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-15774",
        "datePublished": "2018-12-13T22:00:00.000Z",
        "dateReserved": "2018-08-23T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:36:18.120Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-15776 (GCVE-0-2018-15776)

    Vulnerability from cvelistv5 – Published: 2018-12-13 22:00 – Updated: 2024-09-16 22:56
    VLAI
    Title
    iDRAC7, iDRAC8 - Improper Error Handling
    Summary
    Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to get access to the u-boot shell.
    CWE
    • Improper Error Handling Vulnerability.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell EMC iDRAC Affected: iDRAC7 , < 2.61.60.60 (custom)
    Affected: iDRAC8 , < 2.61.60.60 (custom)
    Create a notification for this product.
    Date Public
    2018-12-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:01:54.552Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en"
              },
              {
                "name": "106233",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106233"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iDRAC",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "lessThan": "2.61.60.60",
                  "status": "affected",
                  "version": "iDRAC7",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.61.60.60",
                  "status": "affected",
                  "version": "iDRAC8",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-12-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to get access to the u-boot shell."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Error Handling Vulnerability.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-19T10:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en"
            },
            {
              "name": "106233",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106233"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "iDRAC7, iDRAC8 - Improper Error Handling",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-12-11T06:00:00.000Z",
              "ID": "CVE-2018-15776",
              "STATE": "PUBLIC",
              "TITLE": "iDRAC7, iDRAC8 - Improper Error Handling"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iDRAC",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "iDRAC7",
                                "version_value": "2.61.60.60"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "iDRAC8",
                                "version_value": "2.61.60.60"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to get access to the u-boot shell."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Error Handling Vulnerability."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en",
                  "refsource": "CONFIRM",
                  "url": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en"
                },
                {
                  "name": "106233",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106233"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-15776",
        "datePublished": "2018-12-13T22:00:00.000Z",
        "dateReserved": "2018-08-23T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:56:03.854Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }