    19 vulnerabilities found for iDRAC8 by Dell

    VAR-201704-0165

    Vulnerability from variot - Updated: 2025-04-20 23:36

    Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long SSH username or input. Dell Integrated Remote Access Controller is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. iDRAC7 and iDRAC8 versions prior to 2.21.21.21 are vulnerable. iDRAC provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems. A buffer overflow vulnerability exists in Dell iDRAC 6 prior to 2.80, and in iDRAC 7 and 8 prior to 2.21.21.21. An attacker could exploit this vulnerability to cause a denial of service.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0165",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "integrated remote access controller",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dell",
            "version": "1.99"
          },
          {
            "model": "integrated remote access controller",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dell",
            "version": "2.20.20.20"
          },
          {
            "model": "idrac6",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "dell",
            "version": "2.80"
          },
          {
            "model": "idrac7",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "dell",
            "version": "2.21.21.21"
          },
          {
            "model": "idrac8",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "dell",
            "version": "2.21.21.21"
          },
          {
            "model": "integrated remote access controller",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dell",
            "version": "2.20.20.20"
          },
          {
            "model": "integrated remote access controller",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dell",
            "version": "1.99"
          },
          {
            "model": "idrac8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "0"
          },
          {
            "model": "idrac7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "0"
          },
          {
            "model": "idrac8",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.21.21.21"
          },
          {
            "model": "idrac7",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.21.21.21"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "97532"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007496"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-535"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7272"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:dell:idrac6_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:dell:idrac7_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:dell:idrac8_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007496"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported this issue.",
        "sources": [
          {
            "db": "BID",
            "id": "97532"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-7272",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2015-7272",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-85233",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2015-7272",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-7272",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-7272",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201704-535",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-85233",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2015-7272",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-85233"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7272"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007496"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-535"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7272"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long SSH username or input. Dell integrated Remote Access Controller is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary-checks on user supplied data. \nSuccessfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. \niDRAC7and iDRAC8 versions prior to 2.21.21.21 are vulnerable. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems. A buffer overflow vulnerability exists in Dell iDRAC 6 prior to 2.80, 7 and 8 prior to 2.21.21.21. An attacker could exploit this vulnerability to cause a denial of service",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-7272"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007496"
          },
          {
            "db": "BID",
            "id": "97532"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85233"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7272"
          }
        ],
        "trust": 2.07
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-7272",
            "trust": 2.9
          },
          {
            "db": "BID",
            "id": "97532",
            "trust": 1.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007496",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-535",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-85233",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7272",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-85233"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7272"
          },
          {
            "db": "BID",
            "id": "97532"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007496"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-535"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7272"
          }
        ]
      },
      "id": "VAR-201704-0165",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-85233"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-20T23:36:56.411000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Dell iDRAC Response to CVE (Common Vulnerabilities and Exposures) ID CVE-2015-7270, 7271, 7272, 7273, 7274, and 7275 - 2 DEC 2015",
            "trust": 0.8,
            "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20441859"
          },
          {
            "title": "Dell Integrated Remote Access Controller 6 , 7  and 8 Buffer error vulnerability fix",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70169"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/chnzzh/iDRAC-CVE-lib "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-7272"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007496"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-535"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-119",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-85233"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007496"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7272"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.1,
            "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20441859"
          },
          {
            "trust": 1.3,
            "url": "http://www.securityfocus.com/bid/97532"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7272"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7272"
          },
          {
            "trust": 0.3,
            "url": "http://dell.com"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/119.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/chnzzh/idrac-cve-lib"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-85233"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7272"
          },
          {
            "db": "BID",
            "id": "97532"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007496"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-535"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7272"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-85233"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7272"
          },
          {
            "db": "BID",
            "id": "97532"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007496"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-535"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7272"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-85233"
          },
          {
            "date": "2017-04-10T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-7272"
          },
          {
            "date": "2017-04-09T00:00:00",
            "db": "BID",
            "id": "97532"
          },
          {
            "date": "2017-05-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-007496"
          },
          {
            "date": "2017-04-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-535"
          },
          {
            "date": "2017-04-10T03:59:00.810000",
            "db": "NVD",
            "id": "CVE-2015-7272"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-14T00:00:00",
            "db": "VULHUB",
            "id": "VHN-85233"
          },
          {
            "date": "2017-04-14T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-7272"
          },
          {
            "date": "2017-04-09T00:00:00",
            "db": "BID",
            "id": "97532"
          },
          {
            "date": "2017-05-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-007496"
          },
          {
            "date": "2017-05-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-535"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2015-7272"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-535"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Dell iDRAC Service disruption in products  (DoS) Vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007496"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer overflow",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-535"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201704-0168

    Vulnerability from variot - Updated: 2025-04-20 23:27

    Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS. Dell iDRAC6, iDRAC7 and iDRAC8 contain a cross-site scripting vulnerability. Information may be obtained and information may be altered. Multiple Dell iDRAC products are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. The following products are vulnerable: Dell iDRAC6 versions prior to 2.85; Dell iDRAC7 versions prior to 2.30.30.30; Dell iDRAC8 versions prior to 2.30.30.30. iDRAC provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0168",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "integrated remote access controller",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dell",
            "version": "2.80"
          },
          {
            "model": "integrated remote access controller",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dell",
            "version": "2.21.21.21"
          },
          {
            "model": "idrac6",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "dell",
            "version": "2.85"
          },
          {
            "model": "idrac7",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "dell",
            "version": "2.30.30.30"
          },
          {
            "model": "idrac8",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "dell",
            "version": "2.30.30.30"
          },
          {
            "model": "integrated remote access controller",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dell",
            "version": "2.21.21.21"
          },
          {
            "model": "integrated remote access controller",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dell",
            "version": "2.80"
          },
          {
            "model": "idrac8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.30"
          },
          {
            "model": "idrac7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.30"
          },
          {
            "model": "idrac7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "1.57.57"
          },
          {
            "model": "idrac7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "1.56.55"
          },
          {
            "model": "idrac6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.80"
          },
          {
            "model": "idrac6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "1.95"
          },
          {
            "model": "idrac6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "1.7"
          },
          {
            "model": "idrac6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "1.41"
          },
          {
            "model": "idrac8",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.30.30.30"
          },
          {
            "model": "idrac7",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.30.30.30"
          },
          {
            "model": "idrac6",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.85"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "97520"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007499"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-532"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7275"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:dell:idrac6_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:dell:idrac7_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:dell:idrac8_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007499"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Google Infrastructure Security Assurance",
        "sources": [
          {
            "db": "BID",
            "id": "97520"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-7275",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2015-7275",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-85236",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2015-7275",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-7275",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-7275",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201704-532",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-85236",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2015-7275",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-85236"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7275"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007499"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-532"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7275"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS. Dell iDRAC6, iDRAC7 and iDRAC8 contain a cross-site scripting vulnerability. Information may be obtained and information may be altered. Multiple Dell iDRAC products are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. \nThe following products are vulnerable:\nDell iDRAC6 versions prior to 2.85\nDell iDRAC7 versions prior to 2.30.30.30\nDell iDRAC8 versions prior to 2.30.30.30. iDRAC provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-7275"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007499"
          },
          {
            "db": "BID",
            "id": "97520"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85236"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7275"
          }
        ],
        "trust": 2.07
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-7275",
            "trust": 2.9
          },
          {
            "db": "BID",
            "id": "97520",
            "trust": 1.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007499",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-532",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-85236",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7275",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-85236"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7275"
          },
          {
            "db": "BID",
            "id": "97520"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007499"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-532"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7275"
          }
        ]
      },
      "id": "VAR-201704-0168",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-85236"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-20T23:27:26.719000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Dell iDRAC Response to CVE (Common Vulnerabilities and Exposures) ID CVE-2015-7270, 7271, 7272, 7273, 7274, and 7275 - 2 DEC 2015",
            "trust": 0.8,
            "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20441859"
          },
          {
            "title": "Dell Integrated Remote Access Controller 6, 7 and 8 fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70166"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/chnzzh/iDRAC-CVE-lib "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-7275"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007499"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-532"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-85236"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007499"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7275"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.1,
            "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20441859"
          },
          {
            "trust": 1.3,
            "url": "http://www.securityfocus.com/bid/97520"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7275"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7275"
          },
          {
            "trust": 0.3,
            "url": "http://dell.com"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/79.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/chnzzh/idrac-cve-lib"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-85236"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7275"
          },
          {
            "db": "BID",
            "id": "97520"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007499"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-532"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7275"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-85236"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7275"
          },
          {
            "db": "BID",
            "id": "97520"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007499"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-532"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7275"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-85236"
          },
          {
            "date": "2017-04-10T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-7275"
          },
          {
            "date": "2017-04-10T00:00:00",
            "db": "BID",
            "id": "97520"
          },
          {
            "date": "2017-05-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-007499"
          },
          {
            "date": "2017-04-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-532"
          },
          {
            "date": "2017-04-10T03:59:00.890000",
            "db": "NVD",
            "id": "CVE-2015-7275"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-14T00:00:00",
            "db": "VULHUB",
            "id": "VHN-85236"
          },
          {
            "date": "2017-04-14T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-7275"
          },
          {
            "date": "2017-04-11T00:04:00",
            "db": "BID",
            "id": "97520"
          },
          {
            "date": "2017-05-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-007499"
          },
          {
            "date": "2017-05-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-532"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2015-7275"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-532"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple Dell iDRAC products cross-site scripting vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007499"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-532"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201704-0164

    Vulnerability from variot - Updated: 2025-04-20 23:26

    Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has a format string issue in racadm getsystinfo. Dell iDRAC7 and iDRAC8 contain a format string vulnerability. Information may be obtained, information may be altered, and a denial-of-service (DoS) attack may be carried out. Multiple Dell iDRAC products are prone to a remote format-string vulnerability. Remote attackers can exploit this issue to execute arbitrary code in the context of the application or cause denial-of-service conditions.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0164",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "integrated remote access controller",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dell",
            "version": "2.20.20.20"
          },
          {
            "model": "idrac7",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "dell",
            "version": "2.21.21.21"
          },
          {
            "model": "idrac8",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "dell",
            "version": "2.21.21.21"
          },
          {
            "model": "integrated remote access controller",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dell",
            "version": "2.20.20.20"
          },
          {
            "model": "idrac8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "1.4"
          },
          {
            "model": "idrac7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "1.57.57"
          },
          {
            "model": "idrac7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "1.56.55"
          },
          {
            "model": "idrac8",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.21.21.21"
          },
          {
            "model": "idrac7",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.21.21.21"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "97561"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007495"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-536"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7271"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:dell:idrac7_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:dell:idrac8_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007495"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported this issue.",
        "sources": [
          {
            "db": "BID",
            "id": "97561"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-7271",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2015-7271",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-85232",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2015-7271",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-7271",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-7271",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201704-536",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-85232",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2015-7271",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-85232"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7271"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007495"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-536"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7271"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has a format string issue in racadm getsystinfo. Dell iDRAC7 and iDRAC8 contain a format string vulnerability. Information may be obtained, information may be altered, and a denial-of-service (DoS) attack may be carried out. Multiple Dell iDRAC products are prone to a remote format-string vulnerability. \nRemote attackers can exploit this issue to execute arbitrary code in the context of the application or cause denial-of-service conditions.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-7271"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007495"
          },
          {
            "db": "BID",
            "id": "97561"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85232"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7271"
          }
        ],
        "trust": 2.07
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-7271",
            "trust": 2.9
          },
          {
            "db": "BID",
            "id": "97561",
            "trust": 1.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007495",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-536",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-85232",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7271",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-85232"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7271"
          },
          {
            "db": "BID",
            "id": "97561"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007495"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-536"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7271"
          }
        ]
      },
      "id": "VAR-201704-0164",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-85232"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-20T23:26:07.873000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Dell iDRAC Response to CVE (Common Vulnerabilities and Exposures) ID CVE-2015-7270, 7271, 7272, 7273, 7274, and 7275 - 2 DEC 2015",
            "trust": 0.8,
            "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20441859"
          },
          {
            "title": "Dell Integrated Remote Access Controller 7  and 8 Fixes for formatting string vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70170"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/chnzzh/iDRAC-CVE-lib "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-7271"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007495"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-536"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-134",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007495"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7271"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.1,
            "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20441859"
          },
          {
            "trust": 1.3,
            "url": "http://www.securityfocus.com/bid/97561"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7271"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7271"
          },
          {
            "trust": 0.3,
            "url": "http://dell.com"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/134.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/chnzzh/idrac-cve-lib"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-85232"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7271"
          },
          {
            "db": "BID",
            "id": "97561"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007495"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-536"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7271"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-85232"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7271"
          },
          {
            "db": "BID",
            "id": "97561"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007495"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-536"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7271"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-85232"
          },
          {
            "date": "2017-04-10T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-7271"
          },
          {
            "date": "2017-04-09T00:00:00",
            "db": "BID",
            "id": "97561"
          },
          {
            "date": "2017-05-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-007495"
          },
          {
            "date": "2017-04-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-536"
          },
          {
            "date": "2017-04-10T03:59:00.780000",
            "db": "NVD",
            "id": "CVE-2015-7271"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-14T00:00:00",
            "db": "VULHUB",
            "id": "VHN-85232"
          },
          {
            "date": "2017-04-14T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-7271"
          },
          {
            "date": "2017-04-18T00:04:00",
            "db": "BID",
            "id": "97561"
          },
          {
            "date": "2017-05-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-007495"
          },
          {
            "date": "2017-11-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-536"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2015-7271"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-536"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dell iDRAC7 and  iDRAC8 Vulnerabilities related to format strings",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007495"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "format string",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-536"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201704-0166

    Vulnerability from variot - Updated: 2025-04-20 23:20

    Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE. Dell iDRAC7 and iDRAC8 contain an XML external entity (XXE) vulnerability. An attack may allow information to be obtained or altered and service operation to be disrupted (DoS). The aggregated description also states that a cross-site scripting vulnerability exists in Dell iDRAC 7 and 8 prior to 2.21.21.21 and that a remote attacker can exploit it to inject arbitrary web script or HTML. Note that the two classifications conflict: this record lists CWE-611 (XXE) as the problem type, while its CNNVD-sourced type field reads XSS.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0166",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "integrated remote access controller",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dell",
            "version": "2.20.20.20"
          },
          {
            "model": "idrac7",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "dell",
            "version": "2.21.21.21"
          },
          {
            "model": "idrac8",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "dell",
            "version": "2.21.21.21"
          },
          {
            "model": "integrated remote access controller",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dell",
            "version": "2.20.20.20"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007497"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-534"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7273"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:dell:idrac7_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:dell:idrac8_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007497"
          }
        ]
      },
      "cve": "CVE-2015-7273",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2015-7273",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-85234",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2015-7273",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-7273",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-7273",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201704-534",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-85234",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2015-7273",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-85234"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7273"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007497"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-534"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7273"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE. Dell iDRAC7 and iDRAC8 Is XML An external entity vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. A cross-site scripting vulnerability exists in Dell iDRAC 7 and 8 prior to 2.21.21.21. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-7273"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007497"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85234"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7273"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-7273",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007497",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-534",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-85234",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7273",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-85234"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7273"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007497"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-534"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7273"
          }
        ]
      },
      "id": "VAR-201704-0166",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-85234"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-20T23:20:03.141000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Dell iDRAC Response to CVE (Common Vulnerabilities and Exposures) ID CVE-2015-7270, 7271, 7272, 7273, 7274, and 7275 - 2 DEC 2015",
            "trust": 0.8,
            "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20441859"
          },
          {
            "title": "Dell Integrated Remote Access Controller 7  and 8 Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70168"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/chnzzh/iDRAC-CVE-lib "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-7273"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007497"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-534"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-611",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-85234"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007497"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7273"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20441859"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7273"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7273"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/611.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/chnzzh/idrac-cve-lib"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-85234"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7273"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007497"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-534"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7273"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-85234"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7273"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007497"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-534"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7273"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-85234"
          },
          {
            "date": "2017-04-10T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-7273"
          },
          {
            "date": "2017-05-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-007497"
          },
          {
            "date": "2017-04-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-534"
          },
          {
            "date": "2017-04-10T03:59:00.827000",
            "db": "NVD",
            "id": "CVE-2015-7273"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-14T00:00:00",
            "db": "VULHUB",
            "id": "VHN-85234"
          },
          {
            "date": "2017-04-14T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-7273"
          },
          {
            "date": "2017-05-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-007497"
          },
          {
            "date": "2017-05-18T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-534"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2015-7273"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-534"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dell iDRAC7 and  iDRAC8 In  XML External entity vulnerabilities",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007497"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-534"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201704-0163

    Vulnerability from variot - Updated: 2025-04-20 23:05

    Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal. Dell iDRAC6, iDRAC7 and iDRAC8 contain a path traversal vulnerability. An attack may allow information to be obtained or altered and service operation to be disrupted (DoS). Dell iDRAC is prone to a local directory-traversal vulnerability. Exploiting this issue will allow an attacker to gain sensitive information and perform unauthorized actions. The following products are vulnerable: Dell iDRAC6 versions prior to 2.80; Dell iDRAC7 versions prior to 2.21.21.21; Dell iDRAC8 versions prior to 2.21.21.21.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0163",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "integrated remote access controller",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dell",
            "version": "1.99"
          },
          {
            "model": "integrated remote access controller",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dell",
            "version": "2.20.20.20"
          },
          {
            "model": "idrac6",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "dell",
            "version": "2.80"
          },
          {
            "model": "idrac7",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "dell",
            "version": "2.21.21.21"
          },
          {
            "model": "idrac8",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "dell",
            "version": "2.21.21.21"
          },
          {
            "model": "integrated remote access controller",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dell",
            "version": "2.20.20.20"
          },
          {
            "model": "integrated remote access controller",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dell",
            "version": "1.99"
          },
          {
            "model": "idrac8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "0"
          },
          {
            "model": "idrac7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "1.57.57"
          },
          {
            "model": "idrac7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "1.56.55"
          },
          {
            "model": "idrac6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "1.95"
          },
          {
            "model": "idrac6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "1.7"
          },
          {
            "model": "idrac6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "1.41"
          },
          {
            "model": "idrac8",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.21.21.21"
          },
          {
            "model": "idrac7",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.21.21.21"
          },
          {
            "model": "idrac6",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.80"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "97521"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007494"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-467"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7270"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:dell:idrac6_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:dell:idrac7_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:dell:idrac8_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007494"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Google Infrastructure Security Assurance",
        "sources": [
          {
            "db": "BID",
            "id": "97521"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-7270",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2015-7270",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "VHN-85231",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.8,
                "id": "CVE-2015-7270",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-7270",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-7270",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201704-467",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-85231",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2015-7270",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-85231"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7270"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007494"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-467"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7270"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal. Dell iDRAC6, iDRAC7 and iDRAC8 contain a path traversal vulnerability. An attacker may be able to obtain information, alter information, and disrupt service operation (DoS). Dell iDRAC is prone to a local directory-traversal vulnerability. \nExploiting this issue will allow an attacker to gain sensitive information and perform unauthorized actions. \nThe following products are vulnerable:\nVersions prior to Dell iDRAC6 2.80\nVersions prior to Dell iDRAC7 2.21.21.21\nVersions prior to Dell iDRAC8 2.21.21.21",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-7270"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007494"
          },
          {
            "db": "BID",
            "id": "97521"
          },
          {
            "db": "VULHUB",
            "id": "VHN-85231"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7270"
          }
        ],
        "trust": 2.07
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-7270",
            "trust": 2.9
          },
          {
            "db": "BID",
            "id": "97521",
            "trust": 1.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007494",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-467",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-85231",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7270",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-85231"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7270"
          },
          {
            "db": "BID",
            "id": "97521"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007494"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-467"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7270"
          }
        ]
      },
      "id": "VAR-201704-0163",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-85231"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-20T23:05:15.018000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Dell iDRAC Response to CVE (Common Vulnerabilities and Exposures) ID CVE-2015-7270, 7271, 7272, 7273, 7274, and 7275 - 2 DEC 2015",
            "trust": 0.8,
            "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20441859"
          },
          {
            "title": "Dell Integrated Remote Access Controller 6 , 7  and 8 Repair measures for path traversal vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=73818"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/chnzzh/iDRAC-CVE-lib "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2015-7270"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007494"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-467"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-22",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-85231"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007494"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7270"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.1,
            "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20441859"
          },
          {
            "trust": 1.3,
            "url": "http://www.securityfocus.com/bid/97521"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7270"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-7270"
          },
          {
            "trust": 0.3,
            "url": "http://dell.com"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/22.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/chnzzh/idrac-cve-lib"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-85231"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7270"
          },
          {
            "db": "BID",
            "id": "97521"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007494"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-467"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7270"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-85231"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-7270"
          },
          {
            "db": "BID",
            "id": "97521"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007494"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-467"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-7270"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-85231"
          },
          {
            "date": "2017-04-10T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-7270"
          },
          {
            "date": "2017-04-09T00:00:00",
            "db": "BID",
            "id": "97521"
          },
          {
            "date": "2017-05-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-007494"
          },
          {
            "date": "2017-04-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-467"
          },
          {
            "date": "2017-04-10T03:59:00.747000",
            "db": "NVD",
            "id": "CVE-2015-7270"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-04-14T00:00:00",
            "db": "VULHUB",
            "id": "VHN-85231"
          },
          {
            "date": "2017-04-14T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-7270"
          },
          {
            "date": "2017-04-11T00:04:00",
            "db": "BID",
            "id": "97521"
          },
          {
            "date": "2017-05-15T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-007494"
          },
          {
            "date": "2017-08-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-467"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2015-7270"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "BID",
            "id": "97521"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-467"
          }
        ],
        "trust": 0.9
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Path traversal vulnerability in multiple Dell iDRAC products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007494"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "path traversal",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-467"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201611-0079

    Vulnerability from variot - Updated: 2025-04-13 23:23

    Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection. Supplementary information: the weakness has been classified as CWE-74, Improper Neutralization of Special Elements in Output Used by a Downstream Component (injection). Dell iDRAC7 and iDRAC8 devices are prone to a code-injection vulnerability. An attacker can exploit this issue to inject arbitrary code in the context of the affected device. This may facilitate a compromise of the application and the underlying system; other attacks are also possible. Dell iDRAC7 and iDRAC8 devices running firmware versions prior to 2.40.40.4 are vulnerable (as printed by that source; the first sentence and the record's affected_products list give the fixed version as 2.40.40.40). Dell Integrated Remote Access Controller (iDRAC) 7 and 8 are Dell remote access controller cards. Attackers can exploit this vulnerability to gain Bash shell privileges


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201611-0079",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "idrac8",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dell",
            "version": "2.30.30.30"
          },
          {
            "model": "idrac7",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dell",
            "version": "2.30.30.30"
          },
          {
            "model": "idrac7",
            "scope": null,
            "trust": 0.8,
            "vendor": "dell",
            "version": null
          },
          {
            "model": "idrac7",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "dell",
            "version": "2.40.40.40"
          },
          {
            "model": "idrac8",
            "scope": null,
            "trust": 0.8,
            "vendor": "dell",
            "version": null
          },
          {
            "model": "idrac8",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "dell",
            "version": "2.40.40.40"
          },
          {
            "model": "idrac7",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dell",
            "version": "2.30.30.30"
          },
          {
            "model": "idrac8",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dell",
            "version": "2.30.30.30"
          },
          {
            "model": "idrac8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "0"
          },
          {
            "model": "idrac7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "0"
          },
          {
            "model": "idrac8",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.40.40.40"
          },
          {
            "model": "idrac7",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.40.40.40"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "94585"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-006039"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-647"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5685"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:dell:idrac7",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:dell:idrac7_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:dell:idrac8",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:dell:idrac8_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-006039"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported this issue.",
        "sources": [
          {
            "db": "BID",
            "id": "94585"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2016-5685",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CVE-2016-5685",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "VHN-94504",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2016-5685",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2016-5685",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2016-5685",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201611-647",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-94504",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2016-5685",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-94504"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-5685"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-006039"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-647"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5685"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection. Supplementary information: the vulnerability type has been identified as CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (injection). Dell iDRAC7 and iDRAC8 devices are prone to a code-injection vulnerability. \nAn attacker can exploit this issue to inject arbitrary code in the context of the affected device. This may facilitate a compromise of the application and the underlying system; other attacks are also possible. \nDell iDRAC7 and iDRAC8 devices running firmware versions prior to 2.40.40.4 are vulnerable. Dell Integrated Remote Access Controller (iDRAC) 7 and 8 are remote access control cards from Dell. Attackers can exploit this vulnerability to gain Bash shell privileges.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-5685"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-006039"
          },
          {
            "db": "BID",
            "id": "94585"
          },
          {
            "db": "VULHUB",
            "id": "VHN-94504"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-5685"
          }
        ],
        "trust": 2.07
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-5685",
            "trust": 2.9
          },
          {
            "db": "BID",
            "id": "94585",
            "trust": 1.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-006039",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-647",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-94504",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-5685",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-94504"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-5685"
          },
          {
            "db": "BID",
            "id": "94585"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-006039"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-647"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5685"
          }
        ]
      },
      "id": "VAR-201611-0079",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-94504"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-13T23:23:34.438000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Dell iDRAC team\u0027s response to Common Vulnerabilities and Exposures (CVE) ID CVE-2016-5685 [16 November 2016]",
            "trust": 0.8,
            "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20443326"
          },
          {
            "title": "Dell iDRAC7  and iDRAC8 Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65911"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/chnzzh/iDRAC-CVE-lib "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2016-5685"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-006039"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-647"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-74",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-94504"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-006039"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5685"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.1,
            "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20443326"
          },
          {
            "trust": 1.3,
            "url": "http://www.securityfocus.com/bid/94585"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5685"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5685"
          },
          {
            "trust": 0.3,
            "url": "http://dell.com"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/74.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/chnzzh/idrac-cve-lib"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-94504"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-5685"
          },
          {
            "db": "BID",
            "id": "94585"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-006039"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-647"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5685"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-94504"
          },
          {
            "db": "VULMON",
            "id": "CVE-2016-5685"
          },
          {
            "db": "BID",
            "id": "94585"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-006039"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-647"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-5685"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-11-29T00:00:00",
            "db": "VULHUB",
            "id": "VHN-94504"
          },
          {
            "date": "2016-11-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-5685"
          },
          {
            "date": "2016-11-29T00:00:00",
            "db": "BID",
            "id": "94585"
          },
          {
            "date": "2016-12-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-006039"
          },
          {
            "date": "2016-11-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201611-647"
          },
          {
            "date": "2016-11-29T15:59:00.200000",
            "db": "NVD",
            "id": "CVE-2016-5685"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-12-01T00:00:00",
            "db": "VULHUB",
            "id": "VHN-94504"
          },
          {
            "date": "2016-12-01T00:00:00",
            "db": "VULMON",
            "id": "CVE-2016-5685"
          },
          {
            "date": "2016-12-20T02:03:00",
            "db": "BID",
            "id": "94585"
          },
          {
            "date": "2016-12-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-006039"
          },
          {
            "date": "2016-11-30T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201611-647"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2016-5685"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-647"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Vulnerability in Dell iDRAC7 and iDRAC8 device firmware that allows gaining Bash shell access",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-006039"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201611-647"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201911-0372

    Vulnerability from variot - Updated: 2024-11-23 23:11

    Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes. Dell EMC iDRAC8 and iDRAC9 contain an unauthorized authentication vulnerability. Information may be obtained. Dell EMC iDRAC9 and others are products of Dell. This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201911-0372",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "idrac8",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "dell",
            "version": "2.70.70.70"
          },
          {
            "model": "idrac9",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "dell",
            "version": "3.36.36.36"
          },
          {
            "model": "idrac7",
            "scope": "lt",
            "trust": 1.0,
            "vendor": "dell",
            "version": "2.65.65.65"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011827"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3764"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:dell:idrac8_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:dell:idrac9_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011827"
          }
        ]
      },
      "cve": "CVE-2019-3764",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2019-3764",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-155199",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2019-3764",
                "impactScore": 1.4,
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "security_alert@emc.com",
                "availabilityImpact": "LOW",
                "baseScore": 5.0,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.6,
                "id": "CVE-2019-3764",
                "impactScore": 3.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2019-3764",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-3764",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "security_alert@emc.com",
                "id": "CVE-2019-3764",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-3764",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201911-419",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-155199",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-3764",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-155199"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3764"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011827"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-419"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3764"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3764"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes. Dell EMC iDRAC8 and iDRAC9 contain an unauthorized authentication vulnerability. Information may be obtained. Dell EMC iDRAC9 and others are products of Dell. This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-3764"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011827"
          },
          {
            "db": "VULHUB",
            "id": "VHN-155199"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3764"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-3764",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011827",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-419",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-155199",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3764",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-155199"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3764"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011827"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-419"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3764"
          }
        ]
      },
      "id": "VAR-201911-0372",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-155199"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T23:11:38.265000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "DSA-2019-137",
            "trust": 0.8,
            "url": "https://www.dell.com/support/article/jp/ja/jpdhs1/sln319317/dsa-2019-137-idrac-improper-authorization-vulnerability?lang=en"
          },
          {
            "title": "Dell EMC iDRAC7 , iDRAC8  and iDRAC9 Remediation measures for authorization problem vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108199"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/chnzzh/iDRAC-CVE-lib "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2019-3764"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011827"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-419"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-285",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-863",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-155199"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011827"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3764"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://www.dell.com/support/article/sln319317/dsa-2019-137-idrac-improper-authorization-vulnerability?lang=en"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3764"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3764"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/rsa-authentication-manager-vulnerability-via-idrac-31132"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110909"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-155199"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3764"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011827"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-419"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3764"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-155199"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3764"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011827"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-419"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3764"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-11-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-155199"
          },
          {
            "date": "2019-11-07T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-3764"
          },
          {
            "date": "2019-11-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-011827"
          },
          {
            "date": "2019-11-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201911-419"
          },
          {
            "date": "2019-11-07T18:15:12.167000",
            "db": "NVD",
            "id": "CVE-2019-3764"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-10-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-155199"
          },
          {
            "date": "2020-10-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-3764"
          },
          {
            "date": "2019-11-19T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-011827"
          },
          {
            "date": "2020-10-21T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201911-419"
          },
          {
            "date": "2024-11-21T04:42:29.157000",
            "db": "NVD",
            "id": "CVE-2019-3764"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-419"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dell EMC iDRAC8 and  iDRAC9 Vulnerable to unauthorized authentication",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-011827"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201911-419"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201807-1252

    Vulnerability from variot - Updated: 2024-11-23 23:05

    Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to perform brute-force session guessing attacks. Multiple Dell iDRAC products contain a security check vulnerability. Information may be obtained. Dell EMC iDRAC6 and others are system management solutions from Dell, including hardware and software. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems. Attackers can exploit this vulnerability to perform brute-force attacks on user sessions.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201807-1252",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "idrac6",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "dell",
            "version": "2.91"
          },
          {
            "model": "idrac7",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "dell",
            "version": "2.60.60.60"
          },
          {
            "model": "idrac8",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "dell",
            "version": "2.60.60.60"
          },
          {
            "model": "idrac9",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "dell",
            "version": "3.21.21.21"
          },
          {
            "model": "idrac7",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dell",
            "version": "1.10.10"
          },
          {
            "model": "idrac7",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dell",
            "version": "1.23.23"
          },
          {
            "model": "idrac7",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dell",
            "version": "1.00.00"
          },
          {
            "model": "idrac6",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dell",
            "version": "1.7"
          },
          {
            "model": "idrac7",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dell",
            "version": "1.40.40"
          },
          {
            "model": "idrac7",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dell",
            "version": "1.06.06"
          },
          {
            "model": "idrac7",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dell",
            "version": "1.20.20"
          },
          {
            "model": "idrac7",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dell",
            "version": "1.37.35"
          },
          {
            "model": "idrac6",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dell",
            "version": "1.8"
          },
          {
            "model": "idrac6",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dell",
            "version": "1.95"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-058"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1243"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:dell:idrac6_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:dell:idrac7_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:dell:idrac8_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:dell:idrac9_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007907"
          }
        ]
      },
      "cve": "CVE-2018-1243",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-1243",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-122388",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-1243",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "security_alert@emc.com",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.6,
                "id": "CVE-2018-1243",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-1243",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "security_alert@emc.com",
                "id": "CVE-2018-1243",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-1243",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201807-058",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-122388",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-1243",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-122388"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-1243"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-058"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1243"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1243"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to perform bruteforce session guessing attacks. plural Dell iDRAC The product contains a security check vulnerability.Information may be obtained. Dell EMC iDRAC6 and others are system management solutions of Dell (Dell), including hardware and software. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems. Attackers can exploit this vulnerability to perform brute force attacks on user sessions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-1243"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007907"
          },
          {
            "db": "VULHUB",
            "id": "VHN-122388"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-1243"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-1243",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007907",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-058",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-122388",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-1243",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-122388"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-1243"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-058"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1243"
          }
        ]
      },
      "id": "VAR-201807-1252",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-122388"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T23:05:03.772000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "iDRAC9 Home",
            "trust": 0.8,
            "url": "https://www.dell.com/support/article/jp/ja/jpdhs1/sln311300/idrac9-home?lang=ja"
          },
          {
            "title": "Multiple Dell Product security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81664"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/chnzzh/iDRAC-CVE-lib "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-1243"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-058"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-358",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-122388"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007907"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1243"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1243"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1243"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/358.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/chnzzh/idrac-cve-lib"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-122388"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-1243"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-058"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1243"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-122388"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-1243"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007907"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-058"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1243"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-07-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-122388"
          },
          {
            "date": "2018-07-02T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-1243"
          },
          {
            "date": "2018-10-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-007907"
          },
          {
            "date": "2018-07-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201807-058"
          },
          {
            "date": "2018-07-02T17:29:00.347000",
            "db": "NVD",
            "id": "CVE-2018-1243"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-122388"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-1243"
          },
          {
            "date": "2018-10-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-007907"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201807-058"
          },
          {
            "date": "2024-11-21T03:59:27.130000",
            "db": "NVD",
            "id": "CVE-2018-1243"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-058"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Dell iDRAC Vulnerabilities related to security checks in products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007907"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "security feature problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-058"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201803-1416

    Vulnerability from variot - Updated: 2024-11-23 22:59

    Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in the web server's URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings from the iDRAC by querying specific URI strings. Dell EMC iDRAC7 and iDRAC8 contain a path traversal vulnerability. Information may be obtained. Multiple Dell products are prone to a directory-traversal vulnerability. Remote attackers may use a specially crafted request with directory-traversal sequences ('../') to retrieve sensitive information. This may aid in further attacks. The iDRAC solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems. Web server is one of the web servers. URI parser is one of the URI parsers.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1416",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "emc idrac7",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "dell",
            "version": "2.52.52.52"
          },
          {
            "model": "emc idrac8",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "dell",
            "version": "2.52.52.52"
          },
          {
            "model": "idrac8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.40.40.40"
          },
          {
            "model": "idrac8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.30.30.30"
          },
          {
            "model": "idrac8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.30"
          },
          {
            "model": "idrac8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.21.21.21"
          },
          {
            "model": "idrac8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "1.4"
          },
          {
            "model": "idrac7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.40.40.40"
          },
          {
            "model": "idrac7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.30.30.30"
          },
          {
            "model": "idrac7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.30"
          },
          {
            "model": "idrac7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.21.21.21"
          },
          {
            "model": "idrac7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "1.57.57"
          },
          {
            "model": "idrac7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "1.56.55"
          },
          {
            "model": "idrac8",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.52.52.52"
          },
          {
            "model": "idrac7",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.52.52.52"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "103768"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003352"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1211"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:dell:emc_idrac7",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:dell:emc_idrac8",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003352"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Immunity Team (Immunity Inc.)",
        "sources": [
          {
            "db": "BID",
            "id": "103768"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-1211",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-1211",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-122036",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-1211",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-1211",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-1211",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201803-908",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-122036",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-1211",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-122036"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-1211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003352"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-908"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1211"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in their web server\u0027s URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings from the iDRAC by querying specific URI strings. Dell EMC iDRAC7 and iDRAC8 contain a path traversal vulnerability. Information may be obtained. Multiple Dell products are prone to a directory-traversal vulnerability. \nRemote attackers may use a specially crafted request with directory-traversal sequences (\u0027../\u0027) to retrieve sensitive information. This may aid in further attacks. iDRAC provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems. The affected components are the iDRAC web server and its URI parser.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-1211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003352"
          },
          {
            "db": "BID",
            "id": "103768"
          },
          {
            "db": "VULHUB",
            "id": "VHN-122036"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-1211"
          }
        ],
        "trust": 2.07
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-1211",
            "trust": 2.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003352",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-908",
            "trust": 0.7
          },
          {
            "db": "BID",
            "id": "103768",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-122036",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-1211",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-122036"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-1211"
          },
          {
            "db": "BID",
            "id": "103768"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003352"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-908"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1211"
          }
        ]
      },
      "id": "VAR-201803-1416",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-122036"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T22:59:05.283000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Dell EMC iDRAC Response to Common Vulnerabilities and Exposures CVE-2018-1207, CVE-2018-1211, and CVE-2018-1000116 [20 March 2018]",
            "trust": 0.8,
            "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20485410"
          },
          {
            "title": "Dell EMC iDRAC7  and iDRAC8 Web server URI Fixes for resolver path traversal vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79405"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/chnzzh/iDRAC-CVE-lib "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-1211"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003352"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-908"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-22",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-122036"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003352"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1211"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.1,
            "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20485410"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1211"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1211"
          },
          {
            "trust": 0.3,
            "url": "http://dell.com"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/22.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/chnzzh/idrac-cve-lib"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-122036"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-1211"
          },
          {
            "db": "BID",
            "id": "103768"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003352"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-908"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1211"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-122036"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-1211"
          },
          {
            "db": "BID",
            "id": "103768"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003352"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-908"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1211"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-23T00:00:00",
            "db": "VULHUB",
            "id": "VHN-122036"
          },
          {
            "date": "2018-03-23T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-1211"
          },
          {
            "date": "2018-03-20T00:00:00",
            "db": "BID",
            "id": "103768"
          },
          {
            "date": "2018-05-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-003352"
          },
          {
            "date": "2018-03-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-908"
          },
          {
            "date": "2018-03-23T14:29:00.353000",
            "db": "NVD",
            "id": "CVE-2018-1211"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-04-19T00:00:00",
            "db": "VULHUB",
            "id": "VHN-122036"
          },
          {
            "date": "2018-04-19T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-1211"
          },
          {
            "date": "2018-03-20T00:00:00",
            "db": "BID",
            "id": "103768"
          },
          {
            "date": "2018-05-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-003352"
          },
          {
            "date": "2018-03-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-908"
          },
          {
            "date": "2024-11-21T03:59:23.897000",
            "db": "NVD",
            "id": "CVE-2018-1211"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-908"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dell EMC iDRAC7 and  iDRAC8 Path traversal vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003352"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "path traversal",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-908"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201812-0039

    Vulnerability from variot - Updated: 2024-11-23 22:51

    Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to get access to the u-boot shell. Dell EMC iDRAC is prone to the following security vulnerabilities: (1) a privilege-escalation vulnerability; (2) a local unauthorized-access vulnerability. An attacker can exploit these issues to run processes with elevated privileges, gain unauthorized access and execute arbitrary commands with user privileges in the context of the affected application. iDRAC provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0039",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "idrac7",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "dell",
            "version": "2.61.60.60"
          },
          {
            "model": "idrac8",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "dell",
            "version": "2.61.60.60"
          },
          {
            "model": "idrac9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "3.20.20.20"
          },
          {
            "model": "idrac9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "3.19.19.19"
          },
          {
            "model": "idrac9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "3.18.18.18"
          },
          {
            "model": "idrac9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "3.17.20.17"
          },
          {
            "model": "idrac9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "3.17.18.17"
          },
          {
            "model": "idrac9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "3.17.17.17"
          },
          {
            "model": "idrac9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "3.16.16.16"
          },
          {
            "model": "idrac9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "3.15.19.15"
          },
          {
            "model": "idrac9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "3.15.17.15"
          },
          {
            "model": "idrac9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "3.15.15.15"
          },
          {
            "model": "idrac9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "3.11.11.11"
          },
          {
            "model": "idrac9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "3.00.00.00"
          },
          {
            "model": "idrac8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "0"
          },
          {
            "model": "idrac7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "0"
          },
          {
            "model": "idrac6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "0"
          },
          {
            "model": "idrac9",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "dell",
            "version": "3.23.23.23"
          },
          {
            "model": "idrac9",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "dell",
            "version": "3.21.26.22"
          },
          {
            "model": "idrac9",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "dell",
            "version": "3.21.24.22"
          },
          {
            "model": "idrac9",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "dell",
            "version": "3.20.21.20"
          },
          {
            "model": "idrac8",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.61.60.60"
          },
          {
            "model": "idrac7",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.61.60.60"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "106233"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014039"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-15776"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:dell:idrac7_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:dell:idrac8_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014039"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Jon Sands and Adam Nielsen",
        "sources": [
          {
            "db": "BID",
            "id": "106233"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-15776",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-15776",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "VHN-126069",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.9,
                "id": "CVE-2018-15776",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "author": "security_alert@emc.com",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.5,
                "id": "CVE-2018-15776",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-15776",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "security_alert@emc.com",
                "id": "CVE-2018-15776",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-15776",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201812-673",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-126069",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-15776",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-126069"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-15776"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014039"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-673"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-15776"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-15776"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to get access to the u-boot shell. Dell EMC iDRAC is prone to the following security vulnerabilities:\n1. A privilege-escalation vulnerability\n2. A local unauthorized-access vulnerability\nAn attacker can exploit this issue to run processes with elevated privileges, gain unauthorized access and execute arbitrary commands with user privileges in context of the affected application. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-15776"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014039"
          },
          {
            "db": "BID",
            "id": "106233"
          },
          {
            "db": "VULHUB",
            "id": "VHN-126069"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-15776"
          }
        ],
        "trust": 2.07
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "106233",
            "trust": 2.9
          },
          {
            "db": "NVD",
            "id": "CVE-2018-15776",
            "trust": 2.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014039",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-673",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-15728",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-126069",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-15776",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-126069"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-15776"
          },
          {
            "db": "BID",
            "id": "106233"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014039"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-673"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-15776"
          }
        ]
      },
      "id": "VAR-201812-0039",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-126069"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T22:51:54.134000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Dell EMC iDRAC \u306e\u8907\u6570\u306e\u8106\u5f31\u6027 (cve-2018-15774 \u304a\u3088\u3073 cve-2018-15776)",
            "trust": 0.8,
            "url": "https://www.dell.com/support/article/jp/ja/jpdhs1/sln315190/dell-emc-idrac-\u306e\u8907\u6570\u306e\u8106\u5f31\u6027-cve-2018-15774-\u304a\u3088\u3073-cve-2018-15776?lang=ja"
          },
          {
            "title": "Dell EMC iDRAC7  and iDRAC8 Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87908"
          },
          {
            "title": "reverse-engineering-dell-idrac-to-get-rid-of-gpu-throttling",
            "trust": 0.1,
            "url": "https://github.com/l4rz/reverse-engineering-dell-idrac-to-get-rid-of-gpu-throttling"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/chnzzh/iDRAC-CVE-lib"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-15776"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014039"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-673"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-388",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-126069"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014039"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-15776"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.7,
            "url": "http://www.securityfocus.com/bid/106233"
          },
          {
            "trust": 2.1,
            "url": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15776"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15776"
          },
          {
            "trust": 0.3,
            "url": "https://www.dellemc.com/en-us/index.htm"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/l4rz/reverse-engineering-dell-idrac-to-get-rid-of-gpu-throttling"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-126069"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-15776"
          },
          {
            "db": "BID",
            "id": "106233"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014039"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-673"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-15776"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-126069"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-15776"
          },
          {
            "db": "BID",
            "id": "106233"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014039"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-673"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-15776"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-12-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-126069"
          },
          {
            "date": "2018-12-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-15776"
          },
          {
            "date": "2018-12-13T00:00:00",
            "db": "BID",
            "id": "106233"
          },
          {
            "date": "2019-03-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-014039"
          },
          {
            "date": "2018-12-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201812-673"
          },
          {
            "date": "2018-12-13T22:29:00.377000",
            "db": "NVD",
            "id": "CVE-2018-15776"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-126069"
          },
          {
            "date": "2020-08-24T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-15776"
          },
          {
            "date": "2018-12-13T00:00:00",
            "db": "BID",
            "id": "106233"
          },
          {
            "date": "2019-03-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-014039"
          },
          {
            "date": "2020-10-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201812-673"
          },
          {
            "date": "2024-11-21T03:51:26.940000",
            "db": "NVD",
            "id": "CVE-2018-15776"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-673"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dell EMC iDRAC7 and  iDRAC8 Error handling vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014039"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-673"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201812-0038

    Vulnerability from variot - Updated: 2024-11-23 22:51

    Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the Redfish interface to gain administrator access. Dell EMC iDRAC7, iDRAC8, and iDRAC9 contain vulnerabilities related to authorization, permissions, and access control. Information may be obtained, information may be altered, and the service may be put into a denial-of-service (DoS) state. Dell EMC iDRAC is prone to the following security vulnerabilities: 1. A privilege-escalation vulnerability 2. [second item truncated in the source record] Dell EMC iDRAC7, iDRAC8 and iDRAC9 are all system management solutions from Dell, including hardware and software. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0038",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "idrac7",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "dell",
            "version": "2.61.60.60"
          },
          {
            "model": "idrac8",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "dell",
            "version": "2.61.60.60"
          },
          {
            "model": "idrac9",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "dell",
            "version": "3.20.21.20"
          },
          {
            "model": "idrac9",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "dell",
            "version": "3.21.24.22"
          },
          {
            "model": "idrac9",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "dell",
            "version": "3.21.21.21"
          },
          {
            "model": "idrac9",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "dell",
            "version": "3.21.26.22"
          },
          {
            "model": "idrac9",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "dell",
            "version": "3.23.23.23"
          },
          {
            "model": "idrac9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "3.20.20.20"
          },
          {
            "model": "idrac9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "3.19.19.19"
          },
          {
            "model": "idrac9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "3.18.18.18"
          },
          {
            "model": "idrac9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "3.17.20.17"
          },
          {
            "model": "idrac9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "3.17.18.17"
          },
          {
            "model": "idrac9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "3.17.17.17"
          },
          {
            "model": "idrac9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "3.16.16.16"
          },
          {
            "model": "idrac9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "3.15.19.15"
          },
          {
            "model": "idrac9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "3.15.17.15"
          },
          {
            "model": "idrac9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "3.15.15.15"
          },
          {
            "model": "idrac9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "3.11.11.11"
          },
          {
            "model": "idrac9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "3.00.00.00"
          },
          {
            "model": "idrac8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "0"
          },
          {
            "model": "idrac7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "0"
          },
          {
            "model": "idrac6",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "0"
          },
          {
            "model": "idrac9",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "dell",
            "version": "3.23.23.23"
          },
          {
            "model": "idrac9",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "dell",
            "version": "3.21.26.22"
          },
          {
            "model": "idrac9",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "dell",
            "version": "3.21.24.22"
          },
          {
            "model": "idrac9",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "dell",
            "version": "3.20.21.20"
          },
          {
            "model": "idrac8",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.61.60.60"
          },
          {
            "model": "idrac7",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.61.60.60"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "106233"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014040"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-15774"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:dell:idrac7_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:dell:idrac8_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:dell:idrac9_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014040"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Jon Sands and Adam Nielsen",
        "sources": [
          {
            "db": "BID",
            "id": "106233"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-15774",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2018-15774",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-126067",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.9,
                "id": "VHN-126069",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2018-15774",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "security_alert@emc.com",
                "availabilityImpact": "NONE",
                "baseScore": 3.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.2,
                "id": "CVE-2018-15774",
                "impactScore": 2.5,
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-15774",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "security_alert@emc.com",
                "id": "CVE-2018-15774",
                "trust": 1.0,
                "value": "LOW"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-15774",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201812-674",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-126067",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-126069",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-15774",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-126067"
          },
          {
            "db": "VULHUB",
            "id": "VHN-126069"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-15774"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014040"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-674"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-15774"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-15774"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the Redfish interface to gain administrator access. Dell EMC iDRAC7 , iDRAC8 , iDRAC9 Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Dell EMC iDRAC is prone to the following security vulnerabilities:\n1. A privilege-escalation vulnerability\n2. Dell EMC iDRAC7, iDRAC8 and iDRAC9 are all system management solutions of Dell (Dell) including hardware and software. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-15774"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014040"
          },
          {
            "db": "BID",
            "id": "106233"
          },
          {
            "db": "VULHUB",
            "id": "VHN-126067"
          },
          {
            "db": "VULHUB",
            "id": "VHN-126069"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-15774"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-15774",
            "trust": 3.0
          },
          {
            "db": "BID",
            "id": "106233",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014040",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-674",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-15727",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-126067",
            "trust": 0.1
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-673",
            "trust": 0.1
          },
          {
            "db": "CNVD",
            "id": "CNVD-2020-15728",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-126069",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-15774",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-126067"
          },
          {
            "db": "VULHUB",
            "id": "VHN-126069"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-15774"
          },
          {
            "db": "BID",
            "id": "106233"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014040"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-674"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-15774"
          }
        ]
      },
      "id": "VAR-201812-0038",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-126067"
          },
          {
            "db": "VULHUB",
            "id": "VHN-126069"
          }
        ],
        "trust": 0.02
      },
      "last_update_date": "2024-11-23T22:51:54.097000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Dell EMC iDRAC \u306e\u8907\u6570\u306e\u8106\u5f31\u6027 (cve-2018-15774 \u304a\u3088\u3073 cve-2018-15776)",
            "trust": 0.8,
            "url": "https://www.dell.com/support/article/jp/ja/jpdhs1/sln315190/dell-emc-idrac-\u306e\u8907\u6570\u306e\u8106\u5f31\u6027-cve-2018-15774-\u304a\u3088\u3073-cve-2018-15776?lang=ja"
          },
          {
            "title": "Dell EMC iDRAC Multiple Vulnerabilities (CVE-2018-15774 and CVE-2018-15776)",
            "trust": 0.8,
            "url": "https://www.dell.com/support/article/jp/ja/jpdhs1/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776?lang=en"
          },
          {
            "title": "Dell EMC iDRAC7 , iDRAC8  and iDRAC9 Fixes for permission permissions and access control vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87909"
          },
          {
            "title": "reverse-engineering-dell-idrac-to-get-rid-of-gpu-throttling",
            "trust": 0.1,
            "url": "https://github.com/l4rz/reverse-engineering-dell-idrac-to-get-rid-of-gpu-throttling "
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/chnzzh/iDRAC-CVE-lib "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-15774"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014040"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-674"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-863",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-264",
            "trust": 0.9
          },
          {
            "problemtype": "CWE-388",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-126067"
          },
          {
            "db": "VULHUB",
            "id": "VHN-126069"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014040"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-15774"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "http://www.securityfocus.com/bid/106233"
          },
          {
            "trust": 2.2,
            "url": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15774"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15774"
          },
          {
            "trust": 0.3,
            "url": "https://www.dellemc.com/en-us/index.htm"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/863.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/l4rz/reverse-engineering-dell-idrac-to-get-rid-of-gpu-throttling"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-126067"
          },
          {
            "db": "VULHUB",
            "id": "VHN-126069"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-15774"
          },
          {
            "db": "BID",
            "id": "106233"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014040"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-674"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-15774"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-126067"
          },
          {
            "db": "VULHUB",
            "id": "VHN-126069"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-15774"
          },
          {
            "db": "BID",
            "id": "106233"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014040"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-674"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-15774"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-12-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-126067"
          },
          {
            "date": "2018-12-13T00:00:00",
            "db": "VULHUB",
            "id": "VHN-126069"
          },
          {
            "date": "2018-12-13T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-15774"
          },
          {
            "date": "2018-12-13T00:00:00",
            "db": "BID",
            "id": "106233"
          },
          {
            "date": "2019-03-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-014040"
          },
          {
            "date": "2018-12-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201812-674"
          },
          {
            "date": "2018-12-13T22:29:00.327000",
            "db": "NVD",
            "id": "CVE-2018-15774"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-126067"
          },
          {
            "date": "2020-08-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-126069"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-15774"
          },
          {
            "date": "2018-12-13T00:00:00",
            "db": "BID",
            "id": "106233"
          },
          {
            "date": "2019-03-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-014040"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201812-674"
          },
          {
            "date": "2024-11-21T03:51:26.783000",
            "db": "NVD",
            "id": "CVE-2018-15774"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-674"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "plural  Dell iDRAC Vulnerabilities related to authorization, authority, and access control in products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014040"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201812-674"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201807-1253

    Vulnerability from variot - Updated: 2024-11-23 22:30

    Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. A remote authenticated malicious iDRAC user with configuration privileges could potentially exploit this vulnerability to execute arbitrary commands on the iDRAC where SNMP alerting is enabled. Dell EMC iDRAC7, iDRAC8, and iDRAC9 contain a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Multiple Dell EMC products are prone to a remote command-injection vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. The iDRAC solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201807-1253",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "idrac7",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "dell",
            "version": "2.60.60.60"
          },
          {
            "model": "idrac8",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "dell",
            "version": "2.60.60.60"
          },
          {
            "model": "idrac9",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "dell",
            "version": "3.21.21.21"
          },
          {
            "model": "idrac7",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dell",
            "version": "1.10.10"
          },
          {
            "model": "idrac7",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dell",
            "version": "1.23.23"
          },
          {
            "model": "idrac7",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dell",
            "version": "1.00.00"
          },
          {
            "model": "idrac7",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dell",
            "version": "1.40.40"
          },
          {
            "model": "idrac7",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dell",
            "version": "1.06.06"
          },
          {
            "model": "idrac7",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dell",
            "version": "1.20.20"
          },
          {
            "model": "idrac7",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "dell",
            "version": "1.37.35"
          },
          {
            "model": "emc idrac9",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "3.0"
          },
          {
            "model": "emc idrac8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.52.52.52"
          },
          {
            "model": "emc idrac7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.52.52.52"
          },
          {
            "model": "emc idrac9",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "dell",
            "version": "3.21.21.21"
          },
          {
            "model": "emc idrac8",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.60.60.60"
          },
          {
            "model": "emc idrac7",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.60.60.60"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "104964"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007908"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-057"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1244"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:dell:idrac7_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:dell:idrac8_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:dell:idrac9_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007908"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported these issues.",
        "sources": [
          {
            "db": "BID",
            "id": "104964"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-1244",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "CVE-2018-1244",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-122399",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2018-1244",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 2.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-1244",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "security_alert@emc.com",
                "id": "CVE-2018-1244",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-1244",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201807-057",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-122399",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-1244",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-122399"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-1244"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007908"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-057"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1244"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1244"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. A remote authenticated malicious iDRAC user with configuration privileges could potentially exploit this vulnerability to execute arbitrary commands on the iDRAC where SNMP alerting is enabled. Dell EMC iDRAC7 , iDRAC8 ,and iDRAC9 Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Multiple Dell EMC Products are prone to remote command-injection vulnerability. \nSuccessfully exploiting this issue may allow an attacker to execute  arbitrary code in the context of the affected application. Failed  exploit attempts will result in a denial-of-service condition. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-1244"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007908"
          },
          {
            "db": "BID",
            "id": "104964"
          },
          {
            "db": "VULHUB",
            "id": "VHN-122399"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-1244"
          }
        ],
        "trust": 2.07
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "104964",
            "trust": 2.9
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1244",
            "trust": 2.9
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007908",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-057",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-122399",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-1244",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-122399"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-1244"
          },
          {
            "db": "BID",
            "id": "104964"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007908"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-057"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1244"
          }
        ]
      },
      "id": "VAR-201807-1253",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-122399"
          }
        ],
        "trust": 0.6769231
      },
      "last_update_date": "2024-11-23T22:30:19.930000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "iDRAC9 Home",
            "trust": 0.8,
            "url": "https://www.dell.com/support/article/jp/ja/jpdhs1/sln311300/idrac9-home?lang=ja"
          },
          {
            "title": "Dell EMC iDRAC7 , iDRAC8  and iDRAC9 Fixes for command injection vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81663"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/chnzzh/iDRAC-CVE-lib "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-1244"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007908"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-057"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-77",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-122399"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007908"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1244"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.7,
            "url": "http://www.securityfocus.com/bid/104964"
          },
          {
            "trust": 2.1,
            "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1244"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1244"
          },
          {
            "trust": 0.3,
            "url": "http://www.emc.com/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/77.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/chnzzh/idrac-cve-lib"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-122399"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-1244"
          },
          {
            "db": "BID",
            "id": "104964"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007908"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-057"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1244"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-122399"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-1244"
          },
          {
            "db": "BID",
            "id": "104964"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007908"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-057"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1244"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-07-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-122399"
          },
          {
            "date": "2018-07-02T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-1244"
          },
          {
            "date": "2018-08-06T00:00:00",
            "db": "BID",
            "id": "104964"
          },
          {
            "date": "2018-10-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-007908"
          },
          {
            "date": "2018-07-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201807-057"
          },
          {
            "date": "2018-07-02T17:29:00.380000",
            "db": "NVD",
            "id": "CVE-2018-1244"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-122399"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-1244"
          },
          {
            "date": "2018-08-06T00:00:00",
            "db": "BID",
            "id": "104964"
          },
          {
            "date": "2018-10-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-007908"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201807-057"
          },
          {
            "date": "2024-11-21T03:59:27.247000",
            "db": "NVD",
            "id": "CVE-2018-1244"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-057"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Command injection vulnerability in multiple Dell iDRAC products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-007908"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "command injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201807-057"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202103-0636

    Vulnerability from variot - Updated: 2024-11-23 22:29

    Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web cache or trigger redirections. Dell iDRAC8 is vulnerable to injection. Information may be obtained and information may be tampered with. Dell iDRAC8 is an integrated Dell remote access controller that can help IT administrators deploy, update, monitor and maintain servers without installing any additional software. Dell iDRAC8 is a controller from Dell that provides comprehensive embedded management and automation capabilities for the entire PowerEdge family of servers.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202103-0636",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "idrac8",
            "scope": "lt",
            "trust": 1.6,
            "vendor": "dell",
            "version": "2.75.100.75"
          },
          {
            "model": "idrac8",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30c7\u30eb",
            "version": "idrac8  firmware  2.75.100.75"
          },
          {
            "model": "idrac8",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u30c7\u30eb",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-26351"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004333"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21510"
          }
        ]
      },
      "cve": "CVE-2021-21510",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CVE-2021-21510",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.9,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2021-26351",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-379914",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "security_alert@emc.com",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-21510",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "id": "CVE-2021-21510",
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2021-21510",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "security_alert@emc.com",
                "id": "CVE-2021-21510",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2021-21510",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-26351",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202103-547",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-379914",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-21510",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-26351"
          },
          {
            "db": "VULHUB",
            "id": "VHN-379914"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21510"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004333"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-547"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21510"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21510"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary \u2018Host\u2019 header values to poison a web-cache or trigger redirections. Dell iDRAC8 Is vulnerable to injection.Information may be obtained and information may be tampered with. Dell iDRAC8 is an integrated Dell remote access controller that can help IT administrators deploy, update, monitor and maintain servers without installing any additional software. Dell iDRAC8 is a controller of Dell (Dell). Provides comprehensive, embedded management, and automation capabilities for the entire PowerEdge family of servers",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-21510"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004333"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-26351"
          },
          {
            "db": "VULHUB",
            "id": "VHN-379914"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21510"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-21510",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004333",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-547",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-26351",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-379914",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21510",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-26351"
          },
          {
            "db": "VULHUB",
            "id": "VHN-379914"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21510"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004333"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-547"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21510"
          }
        ]
      },
      "id": "VAR-202103-0636",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-26351"
          },
          {
            "db": "VULHUB",
            "id": "VHN-379914"
          }
        ],
        "trust": 0.06999999999999999
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-26351"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:29:17.942000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "DSA-2021-041",
            "trust": 0.8,
            "url": "https://www.dell.com/support/kbdoc/en-us/000183758/dsa-2021-041-dell-emc-idrac-8-security-update-for-a-host-header-injection-vulnerability"
          },
          {
            "title": "Patch for Dell iDRAC8 host header injection vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/257166"
          },
          {
            "title": "Dell iDRAC8 Repair measures for injecting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=144154"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/chnzzh/iDRAC-CVE-lib "
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-26351"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21510"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004333"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-547"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-74",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-20",
            "trust": 1.0
          },
          {
            "problemtype": "injection (CWE-74) [NVD Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-379914"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004333"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21510"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21510"
          },
          {
            "trust": 1.8,
            "url": "https://www.dell.com/support/kbdoc/en-us/000183758/dsa-2021-041-dell-emc-idrac-8-security-update-for-a-host-header-injection-vulnerability"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/74.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/chnzzh/idrac-cve-lib"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-26351"
          },
          {
            "db": "VULHUB",
            "id": "VHN-379914"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21510"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004333"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-547"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21510"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-26351"
          },
          {
            "db": "VULHUB",
            "id": "VHN-379914"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-21510"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004333"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-547"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-21510"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-04-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-26351"
          },
          {
            "date": "2021-03-08T00:00:00",
            "db": "VULHUB",
            "id": "VHN-379914"
          },
          {
            "date": "2021-03-08T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21510"
          },
          {
            "date": "2021-11-18T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-004333"
          },
          {
            "date": "2021-03-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202103-547"
          },
          {
            "date": "2021-03-08T22:15:14.080000",
            "db": "NVD",
            "id": "CVE-2021-21510"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-04-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-26351"
          },
          {
            "date": "2022-10-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-379914"
          },
          {
            "date": "2022-10-24T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-21510"
          },
          {
            "date": "2021-11-18T08:49:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-004333"
          },
          {
            "date": "2021-03-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202103-547"
          },
          {
            "date": "2024-11-21T05:48:30.207000",
            "db": "NVD",
            "id": "CVE-2021-21510"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-547"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dell\u00a0iDRAC8\u00a0 Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-004333"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202103-547"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201803-1412

    Vulnerability from variot - Updated: 2024-11-23 22:22

    Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code. Dell EMC iDRAC7 and iDRAC8 contain an injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Dell iDRAC7 and iDRAC8 devices are prone to a code-injection vulnerability. An attacker can exploit this issue to inject arbitrary code in the context of the affected device. This may facilitate a compromise of the application and the underlying system; other attacks are also possible. Dell iDRAC7 and iDRAC8 devices running firmware versions prior to 2.52.52.52 are vulnerable. Dell EMC iDRAC7 and iDRAC8 are both hardware and software system management solutions from Dell. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems.


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201803-1412",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "emc idrac7",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "dell",
            "version": "2.52.52.52"
          },
          {
            "model": "emc idrac8",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "dell",
            "version": "2.52.52.52"
          },
          {
            "model": "idrac8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.40.40.40"
          },
          {
            "model": "idrac8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.30.30.30"
          },
          {
            "model": "idrac8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.30"
          },
          {
            "model": "idrac8",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.21.21.21"
          },
          {
            "model": "idrac7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.40.40.40"
          },
          {
            "model": "idrac7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.30.30.30"
          },
          {
            "model": "idrac7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.30"
          },
          {
            "model": "idrac7",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.21.21.21"
          },
          {
            "model": "idrac8",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.52.52.5"
          },
          {
            "model": "idrac7",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "dell",
            "version": "2.52.52.5"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "103694"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003351"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1207"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:dell:emc_idrac7",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/a:dell:emc_idrac8",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003351"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Immunity Team",
        "sources": [
          {
            "db": "BID",
            "id": "103694"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-1207",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2018-1207",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-121992",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2018-1207",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-1207",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-1207",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201803-909",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-121992",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-1207",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-121992"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-1207"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003351"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-909"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1207"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code. Dell EMC iDRAC7 and iDRAC8 Contains an injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Dell iDRAC7 and iDRAC8 devices are  prone to a code-injection vulnerability. \nAn  attacker can exploit this issue to inject arbitrary code  in the  context of the affected device. This may  facilitate a  compromise of  the application and the underlying system;  other attacks  are also  possible. \nDell iDRAC7 and iDRAC8 devices running firmware versions prior to 2.52.52.52 are vulnerable. Dell EMC iDRAC7 and iDRAC8 are both hardware and software system management solutions from Dell. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-1207"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003351"
          },
          {
            "db": "BID",
            "id": "103694"
          },
          {
            "db": "VULHUB",
            "id": "VHN-121992"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-1207"
          }
        ],
        "trust": 2.07
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-1207",
            "trust": 2.9
          },
          {
            "db": "BID",
            "id": "103694",
            "trust": 2.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003351",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-909",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-121992",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-1207",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-121992"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-1207"
          },
          {
            "db": "BID",
            "id": "103694"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003351"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-909"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1207"
          }
        ]
      },
      "id": "VAR-201803-1412",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-121992"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T22:22:11.797000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Dell EMC iDRAC Response to Common Vulnerabilities and Exposures CVE-2018-1207, CVE-2018-1211, and CVE-2018-1000116 [20 March 2018]",
            "trust": 0.8,
            "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20485410"
          },
          {
            "title": "Dell EMC iDRAC7  and iDRAC8 Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79406"
          },
          {
            "title": "kenzer-templates",
            "trust": 0.1,
            "url": "https://github.com/Elsfa7-110/kenzer-templates "
          },
          {
            "title": "kenzer-templates",
            "trust": 0.1,
            "url": "https://github.com/ARPSyndicate/kenzer-templates "
          },
          {
            "title": "Exp101tsArchiv30thers",
            "trust": 0.1,
            "url": "https://github.com/nu11secur1ty/Exp101tsArchiv30thers "
          },
          {
            "title": "awesome-cve-poc_qazbnm456",
            "trust": 0.1,
            "url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-1207"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003351"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-909"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-94",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-74",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-121992"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003351"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1207"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.1,
            "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20485410"
          },
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/103694"
          },
          {
            "trust": 1.8,
            "url": "https://twitter.com/nicowaisman/status/977279766792466432"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1207"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1207"
          },
          {
            "trust": 0.3,
            "url": "http://dell.com"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/94.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/elsfa7-110/kenzer-templates"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-121992"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-1207"
          },
          {
            "db": "BID",
            "id": "103694"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003351"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-909"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1207"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-121992"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-1207"
          },
          {
            "db": "BID",
            "id": "103694"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003351"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-909"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-1207"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-03-23T00:00:00",
            "db": "VULHUB",
            "id": "VHN-121992"
          },
          {
            "date": "2018-03-23T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-1207"
          },
          {
            "date": "2018-03-23T00:00:00",
            "db": "BID",
            "id": "103694"
          },
          {
            "date": "2018-05-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-003351"
          },
          {
            "date": "2018-03-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-909"
          },
          {
            "date": "2018-03-23T14:29:00.277000",
            "db": "NVD",
            "id": "CVE-2018-1207"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-08-24T00:00:00",
            "db": "VULHUB",
            "id": "VHN-121992"
          },
          {
            "date": "2020-08-24T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-1207"
          },
          {
            "date": "2018-03-23T00:00:00",
            "db": "BID",
            "id": "103694"
          },
          {
            "date": "2018-05-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-003351"
          },
          {
            "date": "2020-10-22T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201803-909"
          },
          {
            "date": "2024-11-21T03:59:23.730000",
            "db": "NVD",
            "id": "CVE-2018-1207"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-909"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dell EMC iDRAC7 and  iDRAC8 Injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-003351"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201803-909"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201904-0130

    Vulnerability from variot - Updated: 2024-11-23 22:21

    Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the system with privileges of the webserver by sending specially crafted input data to the affected system. Multiple Dell EMC iDRAC products contain a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). RSA Archer GRC Platform is prone to multiple information disclosure vulnerabilities. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Dell EMC iDRAC9 and others are Dell products. Dell EMC iDRAC9 is a system management solution that includes hardware and software. Dell EMC iDRAC6 is a system management solution that includes hardware and software. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems. Dell EMC iDRAC7 is a system management solution that includes hardware and software. A buffer error vulnerability exists in several Dell products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause a buffer overflow, heap overflow, etc. Users' session information is logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks. The database connection password may get logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed password to use it in further attacks.

    CVSSv3 Base Score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

    Recommendation: For CVE-2019-3705, the following RSA Archer releases contain a resolution for this vulnerability: * RSA Archer version 6.5 P1 (6.5.0.1) * RSA Archer version 6.5 P2 (6.5.0.2) [6.5 P2 contains the items fixed in 6.5 P1] * RSA Archer version 6.4 SP1 P5 (6.4.1.5)

    For CVE-2019-3706, the following RSA Archer releases contain a resolution for this vulnerability: * RSA Archer version 6.5 P2 (6.5.0.2) * RSA Archer version 6.4 SP1 P5 (6.4.1.5)

    RSA recommends all customers upgrade at the earliest opportunity.

    Severity Rating: For an explanation of Severity Ratings, refer to the Security Advisories Severity Rating (https://community.rsa.com/docs/DOC-47147) knowledge base article. RSA recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with a particular security vulnerability.

    Legal Information: Read and use the information in this RSA Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this advisory, contact RSA Technical Support (https://community.rsa.com/docs/DOC-1294). RSA Security LLC and its affiliates, including without limitation, its ultimate parent company, Dell Technologies, distribute RSA Security Advisories in order to bring to the attention of users of the affected RSA products, important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. RSA disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall RSA, its affiliates or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA, its affiliates or its suppliers have been advised of the possibility of such damages. Some jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. Dell Product Security Incident Response Team secure@dell.com -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCAAdFiEEP5nobPoCj3pTvhAZgSlofD2Yi6cFAlx4N6AACgkQgSlofD2Y i6dXzQ//XHQsdsvdDqGc85jOTtTRZ0VWhxe3g76dAW7u5tmKt8dyHZF4QqaXtc/p qKRdrWl6SK/ajzxhnF7PaMmLLLAYnHBzL56Vo0ZTjcXD/8rMfTh+WX8v/M06TOjG UgJTdtVGKILsBGmuViwVtvpTLsmeVhbhq34dbMscLhrgjwvrTmsCW3Zv+6w4/x5G umlHR8f+asAYs/JKJ3IvFo5i/v1wKoXsFQVXN8RtySzRVKX+Jx3fsqfCnC+cj4cz 6SnaOPQMBRTPzev4vcWGR4HxoQjE6vl3xgKYyi1bAQf6sZnZpVvzmvPi6OZDfV9q jm+32qvMbwjH2L0POwk7djnmaeZ9qRM3cYihHRJhuOaqW4UyVxhy7ZwZIXeYwOX4 lGiyqt6gtGpUjAFgI1qycGOzVu4W1pZhmIAPRk5KYFapr3BEmgWoDwrvjF7QqRq8 wt5J1Us6XWc4D+wqMIo7YZmnvO9Bz73oxBKqvZXNUJSxfQroAQhcG4DJy+TH+nC7 MWMH2EEdhL5ibCog6AMRksMmU08Cw2gIvKnotOgRIPUnirlfn22IpukqV2prBrHH zOoHOLRx865jPqPPHb4Tp+DvGDwtscwiGyI9AaeemutPbUhlibP/vMyQh8wKItCl F+iHsckY/7Mh2/FH3a0vWb57edaT4lPgvt8JwwP4OfE+a7qXpuA= =lmP4 -----END PGP SIGNATURE-----


    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201904-0130",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "idrac6",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "dell",
            "version": "2.92"
          },
          {
            "model": "idrac7",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "dell",
            "version": "2.61.60.60"
          },
          {
            "model": "idrac8",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "dell",
            "version": "2.61.60.60"
          },
          {
            "model": "idrac9",
            "scope": "lt",
            "trust": 1.8,
            "vendor": "dell",
            "version": "3.20.21.20"
          },
          {
            "model": "idrac9",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "dell",
            "version": "3.21.24.22"
          },
          {
            "model": "idrac9",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "dell",
            "version": "3.21.26.22"
          },
          {
            "model": "idrac9",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "dell",
            "version": "3.23.23.23"
          },
          {
            "model": "rsa archer grc platform",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "emc",
            "version": "6.5"
          },
          {
            "model": "rsa archer grc platform p2",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "emc",
            "version": "6.5"
          },
          {
            "model": "rsa archer grc platform p1",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "emc",
            "version": "6.5"
          },
          {
            "model": "rsa archer grc platform sp1 p5",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "emc",
            "version": "6.4"
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "107209"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004144"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3705"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:dell:idrac6_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:dell:idrac7_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:dell:idrac8_firmware",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/o:dell:idrac9_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004144"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The vendor reported this issue.,Dell Product Security Incident Response Team",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-026"
          }
        ],
        "trust": 0.6
      },
      "cve": "CVE-2019-3705",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2019-3705",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.9,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-155140",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2019-3705",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "security_alert@emc.com",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.2,
                "id": "CVE-2019-3705",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2019-3705",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2019-3705",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "security_alert@emc.com",
                "id": "CVE-2019-3705",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2019-3705",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201903-026",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-155140",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2019-3705",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-155140"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3705"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004144"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-026"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3705"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3705"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the system with privileges of the webserver by sending specially crafted input data to the affected system. Multiple Dell EMC iDRAC products contain a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). RSA Archer GRC Platform is prone to multiple information disclosure vulnerabilities. \nAn attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Dell EMC iDRAC9 and others are products of Dell (Dell). Dell EMC iDRAC9 is a system management solution that includes hardware and software. Dell EMC iDRAC6 is a system management solution that includes hardware and software. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems. Dell EMC iDRAC7 is a system management solution that includes hardware and software. A buffer error vulnerability exists in several Dell products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. Users\u0027 session information is logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks. 
The database connection password may get logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed password to use it in further attacks. \n\nCVSSv3 Base Score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\nRecommendation:\nFor CVE-2019-3705, the following RSA Archer releases contain a resolution for this vulnerability:\n*             RSA Archer version 6.5 P1 (6.5.0.1)\n*             RSA Archer version 6.5 P2 (6.5.0.2) [6.5 P2 contains the items fixed in 6.5 P1]\n*             RSA Archer version 6.4 SP1 P5 (6.4.1.5)\n\nFor CVE-2019-3706, the following RSA Archer releases contain a resolution for this vulnerability:\n*             RSA Archer version 6.5 P2 (6.5.0.2)\n*             RSA Archer version 6.4 SP1 P5 (6.4.1.5)\n\n\nRSA recommends all customers upgrade at the earliest opportunity. \n\nSeverity Rating\nFor an explanation of Severity Ratings, refer to the Security Advisories Severity Rating (https://community.rsa.com/docs/DOC-47147) knowledge base article. RSA recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. \n\nLegal Information\nRead and use the information in this RSA Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this advisory, contact RSA Technical Support (https://community.rsa.com/docs/DOC-1294). RSA Security LLC and its affiliates, including without limitation, its ultimate parent company, Dell Technologies, distribute RSA Security Advisories in order to bring to the attention of users of the affected RSA products, important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. 
The information set forth herein is provided \"as is\" without warranty of any kind. RSA disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall RSA, its affiliates or its suppliers, be liable for any damages wha\n tsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA, its affiliates or its suppliers have been advised of the possibility of such damages. Some jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. \nDell Product Security Incident Response Team\nsecure@dell.com\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEP5nobPoCj3pTvhAZgSlofD2Yi6cFAlx4N6AACgkQgSlofD2Y\ni6dXzQ//XHQsdsvdDqGc85jOTtTRZ0VWhxe3g76dAW7u5tmKt8dyHZF4QqaXtc/p\nqKRdrWl6SK/ajzxhnF7PaMmLLLAYnHBzL56Vo0ZTjcXD/8rMfTh+WX8v/M06TOjG\nUgJTdtVGKILsBGmuViwVtvpTLsmeVhbhq34dbMscLhrgjwvrTmsCW3Zv+6w4/x5G\numlHR8f+asAYs/JKJ3IvFo5i/v1wKoXsFQVXN8RtySzRVKX+Jx3fsqfCnC+cj4cz\n6SnaOPQMBRTPzev4vcWGR4HxoQjE6vl3xgKYyi1bAQf6sZnZpVvzmvPi6OZDfV9q\njm+32qvMbwjH2L0POwk7djnmaeZ9qRM3cYihHRJhuOaqW4UyVxhy7ZwZIXeYwOX4\nlGiyqt6gtGpUjAFgI1qycGOzVu4W1pZhmIAPRk5KYFapr3BEmgWoDwrvjF7QqRq8\nwt5J1Us6XWc4D+wqMIo7YZmnvO9Bz73oxBKqvZXNUJSxfQroAQhcG4DJy+TH+nC7\nMWMH2EEdhL5ibCog6AMRksMmU08Cw2gIvKnotOgRIPUnirlfn22IpukqV2prBrHH\nzOoHOLRx865jPqPPHb4Tp+DvGDwtscwiGyI9AaeemutPbUhlibP/vMyQh8wKItCl\nF+iHsckY/7Mh2/FH3a0vWb57edaT4lPgvt8JwwP4OfE+a7qXpuA=\n=lmP4\n-----END PGP SIGNATURE-----\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2019-3705"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004144"
          },
          {
            "db": "BID",
            "id": "107209"
          },
          {
            "db": "VULHUB",
            "id": "VHN-155140"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3705"
          },
          {
            "db": "PACKETSTORM",
            "id": "151935"
          }
        ],
        "trust": 2.16
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-155140",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-155140"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2019-3705",
            "trust": 3.0
          },
          {
            "db": "BID",
            "id": "107209",
            "trust": 1.0
          },
          {
            "db": "PACKETSTORM",
            "id": "151935",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004144",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-026",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-155140",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3705",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-155140"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3705"
          },
          {
            "db": "BID",
            "id": "107209"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004144"
          },
          {
            "db": "PACKETSTORM",
            "id": "151935"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-026"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3705"
          }
        ]
      },
      "id": "VAR-201904-0130",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-155140"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2024-11-23T22:21:43.998000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "DSA-2019-028",
            "trust": 0.8,
            "url": "https://www.dell.com/support/article/jp/ja/jpdhs1/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en"
          },
          {
            "title": "Dell EMC RSA Archer Repair measures for information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89720"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004144"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-026"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-787",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-120",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-119",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-155140"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004144"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3705"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en"
          },
          {
            "trust": 1.5,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3705"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3705"
          },
          {
            "trust": 0.7,
            "url": "http://www.securityfocus.com/bid/107209"
          },
          {
            "trust": 0.6,
            "url": "https://packetstormsecurity.com/files/151935/rsa-archer-grc-platform-information-exposure.html"
          },
          {
            "trust": 0.6,
            "url": "https://vigilance.fr/vulnerability/dell-emc-idrac6-buffer-overflow-29660"
          },
          {
            "trust": 0.3,
            "url": "http://www.rsa.com/"
          },
          {
            "trust": 0.3,
            "url": "https://seclists.org/fulldisclosure/2019/mar/4"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/787.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3706"
          },
          {
            "trust": 0.1,
            "url": "https://community.rsa.com/docs/doc-1294)."
          },
          {
            "trust": 0.1,
            "url": "https://community.rsa.com/docs/doc-47147)"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-155140"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3705"
          },
          {
            "db": "BID",
            "id": "107209"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004144"
          },
          {
            "db": "PACKETSTORM",
            "id": "151935"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-026"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3705"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-155140"
          },
          {
            "db": "VULMON",
            "id": "CVE-2019-3705"
          },
          {
            "db": "BID",
            "id": "107209"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004144"
          },
          {
            "db": "PACKETSTORM",
            "id": "151935"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-026"
          },
          {
            "db": "NVD",
            "id": "CVE-2019-3705"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-04-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-155140"
          },
          {
            "date": "2019-04-26T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-3705"
          },
          {
            "date": "2019-02-28T00:00:00",
            "db": "BID",
            "id": "107209"
          },
          {
            "date": "2019-05-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-004144"
          },
          {
            "date": "2019-03-03T16:00:16",
            "db": "PACKETSTORM",
            "id": "151935"
          },
          {
            "date": "2019-03-03T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201903-026"
          },
          {
            "date": "2019-04-26T19:29:00.527000",
            "db": "NVD",
            "id": "CVE-2019-3705"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2020-10-16T00:00:00",
            "db": "VULHUB",
            "id": "VHN-155140"
          },
          {
            "date": "2020-10-16T00:00:00",
            "db": "VULMON",
            "id": "CVE-2019-3705"
          },
          {
            "date": "2019-02-28T00:00:00",
            "db": "BID",
            "id": "107209"
          },
          {
            "date": "2019-05-28T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2019-004144"
          },
          {
            "date": "2020-10-19T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201903-026"
          },
          {
            "date": "2024-11-21T04:42:22.237000",
            "db": "NVD",
            "id": "CVE-2019-3705"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-026"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffer error vulnerability in multiple Dell EMC iDRAC products",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2019-004144"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "buffer error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201903-026"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2024-3411 (GCVE-0-2024-3411)

    Vulnerability from nvd – Published: 2024-04-30 18:39 – Updated: 2025-11-04 17:20
    VLAI
    Title
    Insufficient Randomness When Validating an IPMI Authenticated Session
    Summary
    Implementations of IPMI Authenticated sessions do not provide enough randomness to protect against session hijacking, allowing an attacker to use either a predictable IPMI Session ID or a weak BMC Random Number to bypass security controls, using spoofed IPMI packets to manage the BMC device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Dell iDRAC8 Affected: 2.86.86.86
    Intel IPMI Affected: 2.0, revision 1.1E7
    intel * Affected: IPMI 2.0, revision 1.1E7
        cpe:2.3:h:intel:*:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:intel:*:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "*",
                "vendor": "intel",
                "versions": [
                  {
                    "status": "affected",
                    "version": "IPMI 2.0, revision 1.1E7"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3411",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-01T15:09:39.893298Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-331",
                    "description": "CWE-331 Insufficient Entropy",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-05T21:17:11.689Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T17:20:29.012Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://kb.cert.org/vuls/id/163057"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.intel.la/content/dam/www/public/us/en/documents/specification-updates/ipmi-intelligent-platform-mgt-interface-spec-2nd-gen-v2-0-spec-update.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-US/000226504/dsa-2024-295-security-update-for-dell-idrac8-ipmi-session-vulnerability"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/163057"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iDRAC8",
              "vendor": "Dell",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.86.86.86"
                }
              ]
            },
            {
              "product": "IPMI",
              "vendor": "Intel",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0, revision 1.1E7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Implementations of IPMI Authenticated sessions does not provide enough randomness to protect from session hijacking, allowing an attacker to use either predictable IPMI Session ID or weak BMC Random Number to bypass security controls using spoofed IPMI packets to manage BMC device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-331 Insufficient Entropy",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-03T20:35:33.625Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://kb.cert.org/vuls/id/163057"
            },
            {
              "url": "https://www.intel.la/content/dam/www/public/us/en/documents/specification-updates/ipmi-intelligent-platform-mgt-interface-spec-2nd-gen-v2-0-spec-update.pdf"
            },
            {
              "url": "https://www.dell.com/support/kbdoc/en-US/000226504/dsa-2024-295-security-update-for-dell-idrac8-ipmi-session-vulnerability"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insufficient Randomness When Validating an IPMI Authenticated Session",
          "x_generator": {
            "engine": "VINCE 3.0.4",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2024-3411"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2024-3411",
        "datePublished": "2024-04-30T18:39:36.861Z",
        "dateReserved": "2024-04-05T20:48:24.306Z",
        "dateUpdated": "2025-11-04T17:20:29.012Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-25951 (GCVE-0-2024-25951)

    Vulnerability from nvd – Published: 2024-03-09 05:56 – Updated: 2024-08-22 19:03
    VLAI
    Summary
    A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1288 - Improper Validation of Consistency within Input
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Integrated Dell Remote Access Controller 8 Affected: N/A , < 2.85.85.85 (semver)
    dell integrated_dell_remote_access_controller_8 Affected: 0 , < 2.85.85.85 (semver)
        cpe:2.3:a:dell:integrated_dell_remote_access_controller_8:*:*:*:*:*:*:*:*
    Date Public
    2024-02-29 06:30
    Credits
    NCC Group

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:52:06.125Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000222591/dsa-2024-089-security-update-for-dell-idrac8-local-racadm-vulnerability"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:dell:integrated_dell_remote_access_controller_8:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "integrated_dell_remote_access_controller_8",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "2.85.85.85",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-25951",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-12T15:48:58.988184Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-22T19:03:56.178Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Integrated Dell Remote Access Controller 8",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "2.85.85.85",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "NCC Group"
            }
          ],
          "datePublic": "2024-02-29T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system."
                }
              ],
              "value": "A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1288",
                  "description": "CWE-1288: Improper Validation of Consistency within Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-09T05:56:20.143Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000222591/dsa-2024-089-security-update-for-dell-idrac8-local-racadm-vulnerability"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2024-25951",
        "datePublished": "2024-03-09T05:56:20.143Z",
        "dateReserved": "2024-02-13T05:29:58.482Z",
        "dateUpdated": "2024-08-22T19:03:56.178Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-3411 (GCVE-0-2024-3411)

    Vulnerability from cvelistv5 – Published: 2024-04-30 18:39 – Updated: 2025-11-04 17:20
    VLAI
    Title
    Insufficient Randomness When Validating an IPMI Authenticated Session
    Summary
    Implementations of IPMI Authenticated sessions do not provide enough randomness to protect against session hijacking, allowing an attacker to use either a predictable IPMI Session ID or a weak BMC Random Number to bypass security controls, using spoofed IPMI packets to manage the BMC device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Dell iDRAC8 Affected: 2.86.86.86
    Intel IPMI Affected: 2.0, revision 1.1E7
    intel * Affected: IPMI 2.0, revision 1.1E7
        cpe:2.3:h:intel:*:*:*:*:*:*:*:*:*

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:h:intel:*:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "*",
                "vendor": "intel",
                "versions": [
                  {
                    "status": "affected",
                    "version": "IPMI 2.0, revision 1.1E7"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 9.1,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3411",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-01T15:09:39.893298Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-331",
                    "description": "CWE-331 Insufficient Entropy",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-05T21:17:11.689Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T17:20:29.012Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://kb.cert.org/vuls/id/163057"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.intel.la/content/dam/www/public/us/en/documents/specification-updates/ipmi-intelligent-platform-mgt-interface-spec-2nd-gen-v2-0-spec-update.pdf"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-US/000226504/dsa-2024-295-security-update-for-dell-idrac8-ipmi-session-vulnerability"
              },
              {
                "url": "https://www.kb.cert.org/vuls/id/163057"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iDRAC8",
              "vendor": "Dell",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.86.86.86"
                }
              ]
            },
            {
              "product": "IPMI",
              "vendor": "Intel",
              "versions": [
                {
                  "status": "affected",
                  "version": "2.0, revision 1.1E7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Implementations of IPMI Authenticated sessions does not provide enough randomness to protect from session hijacking, allowing an attacker to use either predictable IPMI Session ID or weak BMC Random Number to bypass security controls using spoofed IPMI packets to manage BMC device."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-331 Insufficient Entropy",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-03T20:35:33.625Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "url": "https://kb.cert.org/vuls/id/163057"
            },
            {
              "url": "https://www.intel.la/content/dam/www/public/us/en/documents/specification-updates/ipmi-intelligent-platform-mgt-interface-spec-2nd-gen-v2-0-spec-update.pdf"
            },
            {
              "url": "https://www.dell.com/support/kbdoc/en-US/000226504/dsa-2024-295-security-update-for-dell-idrac8-ipmi-session-vulnerability"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Insufficient Randomness When Validating an IPMI Authenticated Session",
          "x_generator": {
            "engine": "VINCE 3.0.4",
            "env": "prod",
            "origin": "https://cveawg.mitre.org/api/cve/CVE-2024-3411"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2024-3411",
        "datePublished": "2024-04-30T18:39:36.861Z",
        "dateReserved": "2024-04-05T20:48:24.306Z",
        "dateUpdated": "2025-11-04T17:20:29.012Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-25951 (GCVE-0-2024-25951)

    Vulnerability from cvelistv5 – Published: 2024-03-09 05:56 – Updated: 2024-08-22 19:03
    VLAI
    Summary
    A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1288 - Improper Validation of Consistency within Input
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Integrated Dell Remote Access Controller 8 Affected: N/A , < 2.85.85.85 (semver)
    dell integrated_dell_remote_access_controller_8 Affected: 0 , < 2.85.85.85 (semver)
        cpe:2.3:a:dell:integrated_dell_remote_access_controller_8:*:*:*:*:*:*:*:*
    Date Public
    2024-02-29 06:30
    Credits
    NCC Group

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T23:52:06.125Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/kbdoc/en-us/000222591/dsa-2024-089-security-update-for-dell-idrac8-local-racadm-vulnerability"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:dell:integrated_dell_remote_access_controller_8:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "integrated_dell_remote_access_controller_8",
                "vendor": "dell",
                "versions": [
                  {
                    "lessThan": "2.85.85.85",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-25951",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-03-12T15:48:58.988184Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-22T19:03:56.178Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Integrated Dell Remote Access Controller 8",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "2.85.85.85",
                  "status": "affected",
                  "version": "N/A",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "NCC Group"
            }
          ],
          "datePublic": "2024-02-29T06:30:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system."
                }
              ],
              "value": "A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1288",
                  "description": "CWE-1288: Improper Validation of Consistency within Input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-09T05:56:20.143Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://www.dell.com/support/kbdoc/en-us/000222591/dsa-2024-089-security-update-for-dell-idrac8-local-racadm-vulnerability"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2024-25951",
        "datePublished": "2024-03-09T05:56:20.143Z",
        "dateReserved": "2024-02-13T05:29:58.482Z",
        "dateUpdated": "2024-08-22T19:03:56.178Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }