Search

Find a vulnerability

Search criteria

    18 vulnerabilities found for idrac7_firmware by dell

    CVE-2020-5344 (GCVE-0-2020-5344)

    Vulnerability from nvd – Published: 2020-03-31 21:30 – Updated: 2024-09-17 02:02
    VLAI
    Summary
    Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data.
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Integrated Dell Remote Access Controller (iDRAC) Affected: unspecified , < 2.65.65.65 (custom)
    Create a notification for this product.
    Date Public
    2020-03-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:30:23.389Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/article/en-us/sln320717/dsa-2020-063-idrac-buffer-overflow-vulnerability?lang=en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Integrated Dell Remote Access Controller (iDRAC)",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "2.65.65.65",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-03-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-31T21:30:13.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dell.com/support/article/en-us/sln320717/dsa-2020-063-idrac-buffer-overflow-vulnerability?lang=en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@dell.com",
              "DATE_PUBLIC": "2020-03-26",
              "ID": "CVE-2020-5344",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Integrated Dell Remote Access Controller (iDRAC)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.65.65.65"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 7,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-121: Stack-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/article/en-us/sln320717/dsa-2020-063-idrac-buffer-overflow-vulnerability?lang=en",
                  "refsource": "MISC",
                  "url": "https://www.dell.com/support/article/en-us/sln320717/dsa-2020-063-idrac-buffer-overflow-vulnerability?lang=en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2020-5344",
        "datePublished": "2020-03-31T21:30:13.281Z",
        "dateReserved": "2020-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:02:37.472Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3764 (GCVE-0-2019-3764)

    Vulnerability from nvd – Published: 2019-11-07 18:05 – Updated: 2024-09-17 04:04
    VLAI
    Summary
    Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Integrated Dell Remote Access Controller (iDRAC) Affected: unspecified , < iDRAC7: 2.65.65.65, iDRAC8: 2.70.70.70, iDRAC9: 3.40.40.40 and 3.36.36.36 (custom)
    Create a notification for this product.
    Date Public
    2019-11-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:19:18.218Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/article/sln319317/dsa-2019-137-idrac-improper-authorization-vulnerability?lang=en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Integrated Dell Remote Access Controller (iDRAC)",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "iDRAC7: 2.65.65.65, iDRAC8: 2.70.70.70, iDRAC9: 3.40.40.40 and 3.36.36.36",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-11-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285: Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-16T15:24:23.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dell.com/support/article/sln319317/dsa-2019-137-idrac-improper-authorization-vulnerability?lang=en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@dell.com",
              "DATE_PUBLIC": "2019-11-04",
              "ID": "CVE-2019-3764",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Integrated Dell Remote Access Controller (iDRAC)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "iDRAC7: 2.65.65.65, iDRAC8: 2.70.70.70, iDRAC9: 3.40.40.40 and 3.36.36.36"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 5,
                "baseSeverity": "Medium",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285: Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/article/sln319317/dsa-2019-137-idrac-improper-authorization-vulnerability?lang=en",
                  "refsource": "MISC",
                  "url": "https://www.dell.com/support/article/sln319317/dsa-2019-137-idrac-improper-authorization-vulnerability?lang=en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2019-3764",
        "datePublished": "2019-11-07T18:05:40.346Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:04:38.776Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3705 (GCVE-0-2019-3705)

    Vulnerability from nvd – Published: 2019-04-26 18:22 – Updated: 2024-09-16 23:25
    VLAI
    Title
    Buffer Overflow Vulnerability
    Summary
    Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the system with privileges of the webserver by sending specially crafted input data to the affected system.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell EMC iDRAC Affected: 2.92 , < 2.92 (custom)
    Affected: 2.61.60.60 , < 2.61.60.60 (custom)
    Affected: 3.20.21.20 , < 3.20.21.20 (custom)
    Affected: 3.21.24.22 , < 3.21.24.22 (custom)
    Affected: 3.23.23.23 , < 3.23.23.23 (custom)
    Affected: 3.21.26.22 , < 3.21.26.22 (custom)
    Create a notification for this product.
    Date Public
    2019-04-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:19:17.425Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iDRAC",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "lessThan": "2.92",
                  "status": "affected",
                  "version": "2.92",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.61.60.60",
                  "status": "affected",
                  "version": "2.61.60.60",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.20.21.20",
                  "status": "affected",
                  "version": "3.20.21.20",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.21.24.22",
                  "status": "affected",
                  "version": "3.21.24.22",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.23.23.23",
                  "status": "affected",
                  "version": "3.23.23.23",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.21.26.22",
                  "status": "affected",
                  "version": "3.21.26.22",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-04-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the system with privileges of the webserver by sending specially crafted input data to the affected system."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-26T18:22:08.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Buffer Overflow Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.6"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2019-04-25T23:00:00.000Z",
              "ID": "CVE-2019-3705",
              "STATE": "PUBLIC",
              "TITLE": "Buffer Overflow Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iDRAC",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "2.92",
                                "version_value": "2.92"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "2.61.60.60",
                                "version_value": "2.61.60.60"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "3.20.21.20",
                                "version_value": "3.20.21.20"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "3.21.24.22",
                                "version_value": "3.21.24.22"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "3.23.23.23",
                                "version_value": "3.23.23.23"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "3.21.26.22",
                                "version_value": "3.21.26.22"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the system with privileges of the webserver by sending specially crafted input data to the affected system."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.6"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-120 Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en",
                  "refsource": "MISC",
                  "url": "https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2019-3705",
        "datePublished": "2019-04-26T18:22:08.963Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:25:37.495Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-15776 (GCVE-0-2018-15776)

    Vulnerability from nvd – Published: 2018-12-13 22:00 – Updated: 2024-09-16 22:56
    VLAI
    Title
    iDRAC7, iDRAC8 - Improper Error Handling
    Summary
    Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to get access to the u-boot shell.
    CWE
    • Improper Error Handling Vulnerability.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell EMC iDRAC Affected: iDRAC7 , < 2.61.60.60 (custom)
    Affected: iDRAC8 , < 2.61.60.60 (custom)
    Create a notification for this product.
    Date Public
    2018-12-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:01:54.552Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en"
              },
              {
                "name": "106233",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106233"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iDRAC",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "lessThan": "2.61.60.60",
                  "status": "affected",
                  "version": "iDRAC7",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.61.60.60",
                  "status": "affected",
                  "version": "iDRAC8",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-12-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to get access to the u-boot shell."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Error Handling Vulnerability.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-19T10:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en"
            },
            {
              "name": "106233",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106233"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "iDRAC7, iDRAC8 - Improper Error Handling",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-12-11T06:00:00.000Z",
              "ID": "CVE-2018-15776",
              "STATE": "PUBLIC",
              "TITLE": "iDRAC7, iDRAC8 - Improper Error Handling"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iDRAC",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "iDRAC7",
                                "version_value": "2.61.60.60"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "iDRAC8",
                                "version_value": "2.61.60.60"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to get access to the u-boot shell."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Error Handling Vulnerability."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en",
                  "refsource": "CONFIRM",
                  "url": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en"
                },
                {
                  "name": "106233",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106233"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-15776",
        "datePublished": "2018-12-13T22:00:00.000Z",
        "dateReserved": "2018-08-23T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:56:03.854Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-15774 (GCVE-0-2018-15774)

    Vulnerability from nvd – Published: 2018-12-13 22:00 – Updated: 2024-09-17 01:36
    VLAI
    Title
    iDRAC7/iDRAC8/iDRAC9 - Privilege Escalation Vulnerability
    Summary
    Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the Redfish interface to gain administrator access.
    CWE
    • Privilege escalation vulnerability.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell EMC iDRAC Affected: iDRAC7 , < 2.61.60.60 (custom)
    Affected: iDRAC8 , < 2.61.60.60 (custom)
    Affected: iDRAC9 , < 3.20.21.20 (custom)
    Affected: iDRAC9 , < 3.23.23.23 (custom)
    Create a notification for this product.
    Date Public
    2018-12-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:01:54.579Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en"
              },
              {
                "name": "106233",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106233"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iDRAC",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "lessThan": "2.61.60.60",
                  "status": "affected",
                  "version": "iDRAC7",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.61.60.60",
                  "status": "affected",
                  "version": "iDRAC8",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "3.21.24.22",
                      "status": "unaffected"
                    },
                    {
                      "at": "3.21.26.22",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "3.20.21.20",
                  "status": "affected",
                  "version": "iDRAC9",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.23.23.23",
                  "status": "affected",
                  "version": "iDRAC9",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-12-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the Redfish interface to gain administrator access."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege escalation vulnerability.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-19T10:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en"
            },
            {
              "name": "106233",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106233"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "iDRAC7/iDRAC8/iDRAC9 - Privilege Escalation Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-12-11T06:00:00.000Z",
              "ID": "CVE-2018-15774",
              "STATE": "PUBLIC",
              "TITLE": "iDRAC7/iDRAC8/iDRAC9 - Privilege Escalation Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iDRAC",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "iDRAC7",
                                "version_value": "2.61.60.60"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "iDRAC8",
                                "version_value": "2.61.60.60"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "iDRAC9",
                                "version_value": "3.20.21.20"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "iDRAC9",
                                "version_value": "3.21.24.22"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "iDRAC9",
                                "version_value": "3.21.26.22"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "iDRAC9",
                                "version_value": "3.23.23.23"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the Redfish interface to gain administrator access."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege escalation vulnerability."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en",
                  "refsource": "CONFIRM",
                  "url": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en"
                },
                {
                  "name": "106233",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106233"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-15774",
        "datePublished": "2018-12-13T22:00:00.000Z",
        "dateReserved": "2018-08-23T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:36:18.120Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1244 (GCVE-0-2018-1244)

    Vulnerability from nvd – Published: 2018-07-02 17:00 – Updated: 2024-09-16 16:53
    VLAI
    Title
    iDRAC7/iDRAC8/iDrac9 contains a command injection vulnerability in the SNMP agent.
    Summary
    Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. A remote authenticated malicious iDRAC user with configuration privileges could potentially exploit this vulnerability to execute arbitrary commands on the iDRAC where SNMP alerting is enabled.
    CWE
    • Command injection vulnerability in the SNMP agent.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell EMC iDRAC7 Affected: unspecified , < 2.60.60.60 (custom)
    Create a notification for this product.
    Dell EMC iDRAC8 Affected: unspecified , < 2.60.60.60 (custom)
    Create a notification for this product.
    Dell EMC iDRAC9 Affected: unspecified , < 3.21.21.21 (custom)
    Create a notification for this product.
    Date Public
    2018-06-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:51:48.994Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104964",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104964"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iDRAC7",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "lessThan": "2.60.60.60",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iDRAC8",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "lessThan": "2.60.60.60",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iDRAC9",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "lessThan": "3.21.21.21",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. A remote authenticated malicious iDRAC user with configuration privileges could potentially exploit this vulnerability to execute arbitrary commands on the iDRAC where SNMP alerting is enabled."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Command injection vulnerability in the SNMP agent.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-07T09:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "104964",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104964"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "iDRAC7/iDRAC8/iDrac9 contains a command injection vulnerability in the SNMP agent.",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-06-26T05:00:00.000Z",
              "ID": "CVE-2018-1244",
              "STATE": "PUBLIC",
              "TITLE": "iDRAC7/iDRAC8/iDrac9 contains a command injection vulnerability in the SNMP agent."
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iDRAC7",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "2.60.60.60"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iDRAC8",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "2.60.60.60"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iDRAC9",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "3.21.21.21"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. A remote authenticated malicious iDRAC user with configuration privileges could potentially exploit this vulnerability to execute arbitrary commands on the iDRAC where SNMP alerting is enabled."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Command injection vulnerability in the SNMP agent."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104964",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104964"
                },
                {
                  "name": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494",
                  "refsource": "CONFIRM",
                  "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-1244",
        "datePublished": "2018-07-02T17:00:00.000Z",
        "dateReserved": "2017-12-06T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:53:27.629Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1243 (GCVE-0-2018-1243)

    Vulnerability from nvd – Published: 2018-07-02 17:00 – Updated: 2024-09-16 19:20
    VLAI
    Title
    iDRAC6/iDRAC7/iDRAC8 - Weak CGI session ID vulnerability
    Summary
    Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to perform bruteforce session guessing attacks.
    CWE
    • Weak CGI session ID vulnerability.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell EMC iDRAC6 Affected: unspecified , < 2.91 (custom)
    Create a notification for this product.
    Dell EMC iDRAC7 Affected: unspecified , < 2.60.60.60 (custom)
    Create a notification for this product.
    Dell EMC iDRAC8 Affected: unspecified , < 2.60.60.60 (custom)
    Create a notification for this product.
    Date Public
    2018-06-26 00:00
    Credits
    Dell EMC would like to thank Check Point Software Technologies Ltd. for reporting the issue to us.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:51:48.924Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iDRAC6",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "lessThan": "2.91",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iDRAC7",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "lessThan": "2.60.60.60",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iDRAC8",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "lessThan": "2.60.60.60",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Dell EMC would like to thank Check Point Software Technologies Ltd. for reporting the issue to us."
            }
          ],
          "datePublic": "2018-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to perform bruteforce session guessing attacks."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Weak CGI session ID vulnerability.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-02T16:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "iDRAC6/iDRAC7/iDRAC8 - Weak CGI session ID vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-06-26T05:00:00.000Z",
              "ID": "CVE-2018-1243",
              "STATE": "PUBLIC",
              "TITLE": "iDRAC6/iDRAC7/iDRAC8 - Weak CGI session ID vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iDRAC6",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "2.91"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iDRAC7",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "2.60.60.60"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iDRAC8",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "2.60.60.60"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Dell EMC would like to thank Check Point Software Technologies Ltd. for reporting the issue to us."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to perform bruteforce session guessing attacks."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Weak CGI session ID vulnerability."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494",
                  "refsource": "CONFIRM",
                  "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-1243",
        "datePublished": "2018-07-02T17:00:00.000Z",
        "dateReserved": "2017-12-06T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:20:22.599Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-5685 (GCVE-0-2016-5685)

    Vulnerability from nvd – Published: 2016-11-29 15:00 – Updated: 2024-08-06 01:08
    VLAI
    Summary
    Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection.
    Severity
    No CVSS data available.
    CWE
    • string injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell EMC iDRAC7 and iDRAC8 Affected: firmware before 2.40.40.40
    Create a notification for this product.
    Date Public
    2016-11-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:08:00.545Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20443326"
              },
              {
                "name": "94585",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94585"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iDRAC7 and iDRAC8",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware before 2.40.40.40"
                }
              ]
            }
          ],
          "datePublic": "2016-11-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "string injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-12T14:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20443326"
            },
            {
              "name": "94585",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/94585"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "ID": "CVE-2016-5685",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iDRAC7 and iDRAC8",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "firmware before 2.40.40.40"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "string injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://en.community.dell.com/techcenter/extras/m/white_papers/20443326",
                  "refsource": "CONFIRM",
                  "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20443326"
                },
                {
                  "name": "94585",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/94585"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2016-5685",
        "datePublished": "2016-11-29T15:00:00.000Z",
        "dateReserved": "2016-06-16T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:08:00.545Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-3589 (GCVE-0-2013-3589)

    Vulnerability from nvd – Published: 2013-09-24 10:00 – Updated: 2024-09-16 18:23
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/BLUU-997QVW x_refsource_CONFIRM
    http://www.kb.cert.org/vuls/id/920038 third-party-advisoryx_refsource_CERT-VN
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:14:56.448Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/BLUU-997QVW"
              },
              {
                "name": "VU#920038",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/920038"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-09-24T10:00:00.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kb.cert.org/vuls/id/BLUU-997QVW"
            },
            {
              "name": "VU#920038",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/920038"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2013-3589",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.kb.cert.org/vuls/id/BLUU-997QVW",
                  "refsource": "CONFIRM",
                  "url": "http://www.kb.cert.org/vuls/id/BLUU-997QVW"
                },
                {
                  "name": "VU#920038",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/920038"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2013-3589",
        "datePublished": "2013-09-24T10:00:00.000Z",
        "dateReserved": "2013-05-21T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:23:58.443Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-5344 (GCVE-0-2020-5344)

    Vulnerability from cvelistv5 – Published: 2020-03-31 21:30 – Updated: 2024-09-17 02:02
    VLAI
    Summary
    Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data.
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Integrated Dell Remote Access Controller (iDRAC) Affected: unspecified , < 2.65.65.65 (custom)
    Create a notification for this product.
    Date Public
    2020-03-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:30:23.389Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/article/en-us/sln320717/dsa-2020-063-idrac-buffer-overflow-vulnerability?lang=en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Integrated Dell Remote Access Controller (iDRAC)",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "2.65.65.65",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2020-03-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121: Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-31T21:30:13.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dell.com/support/article/en-us/sln320717/dsa-2020-063-idrac-buffer-overflow-vulnerability?lang=en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@dell.com",
              "DATE_PUBLIC": "2020-03-26",
              "ID": "CVE-2020-5344",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Integrated Dell Remote Access Controller (iDRAC)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.65.65.65"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 7,
                "baseSeverity": "High",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-121: Stack-based Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/article/en-us/sln320717/dsa-2020-063-idrac-buffer-overflow-vulnerability?lang=en",
                  "refsource": "MISC",
                  "url": "https://www.dell.com/support/article/en-us/sln320717/dsa-2020-063-idrac-buffer-overflow-vulnerability?lang=en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2020-5344",
        "datePublished": "2020-03-31T21:30:13.281Z",
        "dateReserved": "2020-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T02:02:37.472Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3764 (GCVE-0-2019-3764)

    Vulnerability from cvelistv5 – Published: 2019-11-07 18:05 – Updated: 2024-09-17 04:04
    VLAI
    Summary
    Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell Integrated Dell Remote Access Controller (iDRAC) Affected: unspecified , < iDRAC7: 2.65.65.65, iDRAC8: 2.70.70.70, iDRAC9: 3.40.40.40 and 3.36.36.36 (custom)
    Create a notification for this product.
    Date Public
    2019-11-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:19:18.218Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/article/sln319317/dsa-2019-137-idrac-improper-authorization-vulnerability?lang=en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Integrated Dell Remote Access Controller (iDRAC)",
              "vendor": "Dell",
              "versions": [
                {
                  "lessThan": "iDRAC7: 2.65.65.65, iDRAC8: 2.70.70.70, iDRAC9: 3.40.40.40 and 3.36.36.36",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-11-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "CWE-285: Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-01-16T15:24:23.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dell.com/support/article/sln319317/dsa-2019-137-idrac-improper-authorization-vulnerability?lang=en"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@dell.com",
              "DATE_PUBLIC": "2019-11-04",
              "ID": "CVE-2019-3764",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Integrated Dell Remote Access Controller (iDRAC)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "iDRAC7: 2.65.65.65, iDRAC8: 2.70.70.70, iDRAC9: 3.40.40.40 and 3.36.36.36"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": 5,
                "baseSeverity": "Medium",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-285: Improper Authorization"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/article/sln319317/dsa-2019-137-idrac-improper-authorization-vulnerability?lang=en",
                  "refsource": "MISC",
                  "url": "https://www.dell.com/support/article/sln319317/dsa-2019-137-idrac-improper-authorization-vulnerability?lang=en"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2019-3764",
        "datePublished": "2019-11-07T18:05:40.346Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:04:38.776Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-3705 (GCVE-0-2019-3705)

    Vulnerability from cvelistv5 – Published: 2019-04-26 18:22 – Updated: 2024-09-16 23:25
    VLAI
    Title
    Buffer Overflow Vulnerability
    Summary
    Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the system with privileges of the webserver by sending specially crafted input data to the affected system.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell EMC iDRAC Affected: 2.92 , < 2.92 (custom)
    Affected: 2.61.60.60 , < 2.61.60.60 (custom)
    Affected: 3.20.21.20 , < 3.20.21.20 (custom)
    Affected: 3.21.24.22 , < 3.21.24.22 (custom)
    Affected: 3.23.23.23 , < 3.23.23.23 (custom)
    Affected: 3.21.26.22 , < 3.21.26.22 (custom)
    Create a notification for this product.
    Date Public
    2019-04-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T19:19:17.425Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iDRAC",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "lessThan": "2.92",
                  "status": "affected",
                  "version": "2.92",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.61.60.60",
                  "status": "affected",
                  "version": "2.61.60.60",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.20.21.20",
                  "status": "affected",
                  "version": "3.20.21.20",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.21.24.22",
                  "status": "affected",
                  "version": "3.21.24.22",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.23.23.23",
                  "status": "affected",
                  "version": "3.23.23.23",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.21.26.22",
                  "status": "affected",
                  "version": "3.21.26.22",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-04-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the system with privileges of the webserver by sending specially crafted input data to the affected system."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "CWE-120 Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-04-26T18:22:08.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Buffer Overflow Vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.6"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2019-04-25T23:00:00.000Z",
              "ID": "CVE-2019-3705",
              "STATE": "PUBLIC",
              "TITLE": "Buffer Overflow Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iDRAC",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "2.92",
                                "version_value": "2.92"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "2.61.60.60",
                                "version_value": "2.61.60.60"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "3.20.21.20",
                                "version_value": "3.20.21.20"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "3.21.24.22",
                                "version_value": "3.21.24.22"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "3.23.23.23",
                                "version_value": "3.23.23.23"
                              },
                              {
                                "version_affected": "\u003c",
                                "version_name": "3.21.26.22",
                                "version_value": "3.21.26.22"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the system with privileges of the webserver by sending specially crafted input data to the affected system."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.6"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-120 Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en",
                  "refsource": "MISC",
                  "url": "https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2019-3705",
        "datePublished": "2019-04-26T18:22:08.963Z",
        "dateReserved": "2019-01-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:25:37.495Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-15774 (GCVE-0-2018-15774)

    Vulnerability from cvelistv5 – Published: 2018-12-13 22:00 – Updated: 2024-09-17 01:36
    VLAI
    Title
    iDRAC7/iDRAC8/iDRAC9 - Privilege Escalation Vulnerability
    Summary
    Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the Redfish interface to gain administrator access.
    CWE
    • Privilege escalation vulnerability.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell EMC iDRAC Affected: iDRAC7 , < 2.61.60.60 (custom)
    Affected: iDRAC8 , < 2.61.60.60 (custom)
    Affected: iDRAC9 , < 3.20.21.20 (custom)
    Affected: iDRAC9 , < 3.23.23.23 (custom)
    Create a notification for this product.
    Date Public
    2018-12-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:01:54.579Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en"
              },
              {
                "name": "106233",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106233"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iDRAC",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "lessThan": "2.61.60.60",
                  "status": "affected",
                  "version": "iDRAC7",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.61.60.60",
                  "status": "affected",
                  "version": "iDRAC8",
                  "versionType": "custom"
                },
                {
                  "changes": [
                    {
                      "at": "3.21.24.22",
                      "status": "unaffected"
                    },
                    {
                      "at": "3.21.26.22",
                      "status": "unaffected"
                    }
                  ],
                  "lessThan": "3.20.21.20",
                  "status": "affected",
                  "version": "iDRAC9",
                  "versionType": "custom"
                },
                {
                  "lessThan": "3.23.23.23",
                  "status": "affected",
                  "version": "iDRAC9",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-12-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the Redfish interface to gain administrator access."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege escalation vulnerability.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-19T10:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en"
            },
            {
              "name": "106233",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106233"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "iDRAC7/iDRAC8/iDRAC9 - Privilege Escalation Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-12-11T06:00:00.000Z",
              "ID": "CVE-2018-15774",
              "STATE": "PUBLIC",
              "TITLE": "iDRAC7/iDRAC8/iDRAC9 - Privilege Escalation Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iDRAC",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "iDRAC7",
                                "version_value": "2.61.60.60"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "iDRAC8",
                                "version_value": "2.61.60.60"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "iDRAC9",
                                "version_value": "3.20.21.20"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "iDRAC9",
                                "version_value": "3.21.24.22"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "iDRAC9",
                                "version_value": "3.21.26.22"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "iDRAC9",
                                "version_value": "3.23.23.23"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the Redfish interface to gain administrator access."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 3.8,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege escalation vulnerability."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en",
                  "refsource": "CONFIRM",
                  "url": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en"
                },
                {
                  "name": "106233",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106233"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-15774",
        "datePublished": "2018-12-13T22:00:00.000Z",
        "dateReserved": "2018-08-23T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:36:18.120Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-15776 (GCVE-0-2018-15776)

    Vulnerability from cvelistv5 – Published: 2018-12-13 22:00 – Updated: 2024-09-16 22:56
    VLAI
    Title
    iDRAC7, iDRAC8 - Improper Error Handling
    Summary
    Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to get access to the u-boot shell.
    CWE
    • Improper Error Handling Vulnerability.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell EMC iDRAC Affected: iDRAC7 , < 2.61.60.60 (custom)
    Affected: iDRAC8 , < 2.61.60.60 (custom)
    Create a notification for this product.
    Date Public
    2018-12-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T10:01:54.552Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en"
              },
              {
                "name": "106233",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106233"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iDRAC",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "lessThan": "2.61.60.60",
                  "status": "affected",
                  "version": "iDRAC7",
                  "versionType": "custom"
                },
                {
                  "lessThan": "2.61.60.60",
                  "status": "affected",
                  "version": "iDRAC8",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-12-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to get access to the u-boot shell."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Improper Error Handling Vulnerability.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-12-19T10:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en"
            },
            {
              "name": "106233",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106233"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "iDRAC7, iDRAC8 - Improper Error Handling",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-12-11T06:00:00.000Z",
              "ID": "CVE-2018-15776",
              "STATE": "PUBLIC",
              "TITLE": "iDRAC7, iDRAC8 - Improper Error Handling"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iDRAC",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "iDRAC7",
                                "version_value": "2.61.60.60"
                              },
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_name": "iDRAC8",
                                "version_value": "2.61.60.60"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to get access to the u-boot shell."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Improper Error Handling Vulnerability."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en",
                  "refsource": "CONFIRM",
                  "url": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en"
                },
                {
                  "name": "106233",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106233"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-15776",
        "datePublished": "2018-12-13T22:00:00.000Z",
        "dateReserved": "2018-08-23T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:56:03.854Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1243 (GCVE-0-2018-1243)

    Vulnerability from cvelistv5 – Published: 2018-07-02 17:00 – Updated: 2024-09-16 19:20
    VLAI
    Title
    iDRAC6/iDRAC7/iDRAC8 - Weak CGI session ID vulnerability
    Summary
    Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to perform bruteforce session guessing attacks.
    CWE
    • Weak CGI session ID vulnerability.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell EMC iDRAC6 Affected: unspecified , < 2.91 (custom)
    Create a notification for this product.
    Dell EMC iDRAC7 Affected: unspecified , < 2.60.60.60 (custom)
    Create a notification for this product.
    Dell EMC iDRAC8 Affected: unspecified , < 2.60.60.60 (custom)
    Create a notification for this product.
    Date Public
    2018-06-26 00:00
    Credits
    Dell EMC would like to thank Check Point Software Technologies Ltd. for reporting the issue to us.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:51:48.924Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iDRAC6",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "lessThan": "2.91",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iDRAC7",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "lessThan": "2.60.60.60",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iDRAC8",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "lessThan": "2.60.60.60",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Dell EMC would like to thank Check Point Software Technologies Ltd. for reporting the issue to us."
            }
          ],
          "datePublic": "2018-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to perform bruteforce session guessing attacks."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Weak CGI session ID vulnerability.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-02T16:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "iDRAC6/iDRAC7/iDRAC8 - Weak CGI session ID vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-06-26T05:00:00.000Z",
              "ID": "CVE-2018-1243",
              "STATE": "PUBLIC",
              "TITLE": "iDRAC6/iDRAC7/iDRAC8 - Weak CGI session ID vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iDRAC6",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "2.91"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iDRAC7",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "2.60.60.60"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iDRAC8",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "2.60.60.60"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Dell EMC would like to thank Check Point Software Technologies Ltd. for reporting the issue to us."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to perform bruteforce session guessing attacks."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Weak CGI session ID vulnerability."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494",
                  "refsource": "CONFIRM",
                  "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-1243",
        "datePublished": "2018-07-02T17:00:00.000Z",
        "dateReserved": "2017-12-06T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:20:22.599Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1244 (GCVE-0-2018-1244)

    Vulnerability from cvelistv5 – Published: 2018-07-02 17:00 – Updated: 2024-09-16 16:53
    VLAI
    Title
    iDRAC7/iDRAC8/iDrac9 contains a command injection vulnerability in the SNMP agent.
    Summary
    Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. A remote authenticated malicious iDRAC user with configuration privileges could potentially exploit this vulnerability to execute arbitrary commands on the iDRAC where SNMP alerting is enabled.
    CWE
    • Command injection vulnerability in the SNMP agent.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell EMC iDRAC7 Affected: unspecified , < 2.60.60.60 (custom)
    Create a notification for this product.
    Dell EMC iDRAC8 Affected: unspecified , < 2.60.60.60 (custom)
    Create a notification for this product.
    Dell EMC iDRAC9 Affected: unspecified , < 3.21.21.21 (custom)
    Create a notification for this product.
    Date Public
    2018-06-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:51:48.994Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "104964",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/104964"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iDRAC7",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "lessThan": "2.60.60.60",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iDRAC8",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "lessThan": "2.60.60.60",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iDRAC9",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "lessThan": "3.21.21.21",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2018-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. A remote authenticated malicious iDRAC user with configuration privileges could potentially exploit this vulnerability to execute arbitrary commands on the iDRAC where SNMP alerting is enabled."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Command injection vulnerability in the SNMP agent.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-07T09:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "name": "104964",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/104964"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "iDRAC7/iDRAC8/iDrac9 contains a command injection vulnerability in the SNMP agent.",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-06-26T05:00:00.000Z",
              "ID": "CVE-2018-1244",
              "STATE": "PUBLIC",
              "TITLE": "iDRAC7/iDRAC8/iDrac9 contains a command injection vulnerability in the SNMP agent."
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iDRAC7",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "2.60.60.60"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iDRAC8",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "2.60.60.60"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iDRAC9",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "3.21.21.21"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. A remote authenticated malicious iDRAC user with configuration privileges could potentially exploit this vulnerability to execute arbitrary commands on the iDRAC where SNMP alerting is enabled."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Command injection vulnerability in the SNMP agent."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "104964",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/104964"
                },
                {
                  "name": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494",
                  "refsource": "CONFIRM",
                  "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-1244",
        "datePublished": "2018-07-02T17:00:00.000Z",
        "dateReserved": "2017-12-06T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:53:27.629Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-5685 (GCVE-0-2016-5685)

    Vulnerability from cvelistv5 – Published: 2016-11-29 15:00 – Updated: 2024-08-06 01:08
    VLAI
    Summary
    Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection.
    Severity
    No CVSS data available.
    CWE
    • string injection
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell EMC iDRAC7 and iDRAC8 Affected: firmware before 2.40.40.40
    Create a notification for this product.
    Date Public
    2016-11-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T01:08:00.545Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20443326"
              },
              {
                "name": "94585",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94585"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iDRAC7 and iDRAC8",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware before 2.40.40.40"
                }
              ]
            }
          ],
          "datePublic": "2016-11-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "string injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-12T14:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20443326"
            },
            {
              "name": "94585",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/94585"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "ID": "CVE-2016-5685",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iDRAC7 and iDRAC8",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "firmware before 2.40.40.40"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "string injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://en.community.dell.com/techcenter/extras/m/white_papers/20443326",
                  "refsource": "CONFIRM",
                  "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20443326"
                },
                {
                  "name": "94585",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/94585"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2016-5685",
        "datePublished": "2016-11-29T15:00:00.000Z",
        "dateReserved": "2016-06-16T00:00:00.000Z",
        "dateUpdated": "2024-08-06T01:08:00.545Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-3589 (GCVE-0-2013-3589)

    Vulnerability from cvelistv5 – Published: 2013-09-24 10:00 – Updated: 2024-09-16 18:23
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/BLUU-997QVW x_refsource_CONFIRM
    http://www.kb.cert.org/vuls/id/920038 third-party-advisoryx_refsource_CERT-VN
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T16:14:56.448Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/BLUU-997QVW"
              },
              {
                "name": "VU#920038",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/920038"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-09-24T10:00:00.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kb.cert.org/vuls/id/BLUU-997QVW"
            },
            {
              "name": "VU#920038",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/920038"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2013-3589",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.kb.cert.org/vuls/id/BLUU-997QVW",
                  "refsource": "CONFIRM",
                  "url": "http://www.kb.cert.org/vuls/id/BLUU-997QVW"
                },
                {
                  "name": "VU#920038",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/920038"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2013-3589",
        "datePublished": "2013-09-24T10:00:00.000Z",
        "dateReserved": "2013-05-21T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:23:58.443Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }