Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
16 vulnerabilities found for iDRAC Service Module (iSM) by Dell
CVE-2025-38743 (GCVE-0-2025-38743)
Vulnerability from nvd – Published: 2025-08-21 18:46 – Updated: 2026-02-26 17:48
VLAI
Summary
Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains a Buffer Access with Incorrect Length Value vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-805 - Buffer Access with Incorrect Length Value
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00035961… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | iDRAC Service Module (iSM) |
Affected:
N/A , < 6.0.3.0
(semver)
|
Date Public
2025-08-21 17:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-38743",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-22T03:55:46.643753Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:48:18.932Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iDRAC Service Module (iSM)",
"vendor": "Dell",
"versions": [
{
"lessThan": "6.0.3.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-08-21T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains a Buffer Access with Incorrect Length Value vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.\u003c/span\u003e"
}
],
"value": "Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains a Buffer Access with Incorrect Length Value vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-805",
"description": "CWE-805: Buffer Access with Incorrect Length Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T18:46:41.317Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000359617/dsa-2025-311-security-update-for-dell-idrac-service-module-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2025-38743",
"datePublished": "2025-08-21T18:46:41.317Z",
"dateReserved": "2025-04-16T05:03:52.415Z",
"dateUpdated": "2026-02-26T17:48:18.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-38742 (GCVE-0-2025-38742)
Vulnerability from nvd – Published: 2025-08-21 18:42 – Updated: 2026-02-26 17:48
VLAI
Summary
Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00035961… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | iDRAC Service Module (iSM) |
Affected:
N/A , < 6.0.3.0
(semver)
|
Date Public
2025-08-21 17:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-38742",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-22T03:55:51.245196Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:48:19.613Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iDRAC Service Module (iSM)",
"vendor": "Dell",
"versions": [
{
"lessThan": "6.0.3.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-08-21T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.\u003c/span\u003e"
}
],
"value": "Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T18:42:34.146Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000359617/dsa-2025-311-security-update-for-dell-idrac-service-module-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2025-38742",
"datePublished": "2025-08-21T18:42:34.146Z",
"dateReserved": "2025-04-16T05:03:52.415Z",
"dateUpdated": "2026-02-26T17:48:19.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-38490 (GCVE-0-2024-38490)
Vulnerability from nvd – Published: 2024-08-01 07:19 – Updated: 2024-08-01 18:59
VLAI
Summary
Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event.
Severity
5.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00022744… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | iDRAC Service Module (iSM) |
Affected:
N/A , ≤ 5.3.0.0
(semver)
|
|
| dell | emc_idrac_service_module |
Affected:
0 , ≤ 5.3.0.0
(semver)
cpe:2.3:a:dell:emc_idrac_service_module:*:*:*:*:*:*:*:* |
Date Public
2024-07-31 06:30
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:dell:emc_idrac_service_module:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "emc_idrac_service_module",
"vendor": "dell",
"versions": [
{
"lessThanOrEqual": "5.3.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38490",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T18:23:55.843814Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T18:59:51.674Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iDRAC Service Module (iSM)",
"vendor": "Dell",
"versions": [
{
"lessThanOrEqual": "5.3.0.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-07-31T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event."
}
],
"value": "Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T07:19:25.493Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-38490",
"datePublished": "2024-08-01T07:19:25.493Z",
"dateReserved": "2024-06-18T01:53:34.136Z",
"dateUpdated": "2024-08-01T18:59:51.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38489 (GCVE-0-2024-38489)
Vulnerability from nvd – Published: 2024-08-01 07:15 – Updated: 2024-08-01 13:20
VLAI
Summary
Dell iDRAC Service Module version 5.3.0.0 and prior contains Out of bound write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service (partial) event.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00022744… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | iDRAC Service Module (iSM) |
Affected:
N/A , ≤ 5.3.0.0
(semver)
|
Date Public
2024-07-31 06:30
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38489",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T13:20:18.927016Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T13:20:25.876Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iDRAC Service Module (iSM)",
"vendor": "Dell",
"versions": [
{
"lessThanOrEqual": "5.3.0.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-07-31T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell iDRAC Service Module version 5.3.0.0 and prior contains Out of bound write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service (partial) event."
}
],
"value": "Dell iDRAC Service Module version 5.3.0.0 and prior contains Out of bound write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service (partial) event."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T07:15:25.948Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-38489",
"datePublished": "2024-08-01T07:15:25.948Z",
"dateReserved": "2024-06-18T01:53:34.136Z",
"dateUpdated": "2024-08-01T13:20:25.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38481 (GCVE-0-2024-38481)
Vulnerability from nvd – Published: 2024-08-01 07:23 – Updated: 2024-08-01 18:59
VLAI
Summary
Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event.
Severity
4.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00022744… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | iDRAC Service Module (iSM) |
Affected:
N/A , ≤ 5.3.0.0
(semver)
|
|
| dell | emc_idrac_service_module |
Affected:
0 , < 5.3.0.0
(semver)
cpe:2.3:a:dell:emc_idrac_service_module:*:*:*:*:*:*:*:* |
Date Public
2024-07-31 06:30
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:dell:emc_idrac_service_module:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "emc_idrac_service_module",
"vendor": "dell",
"versions": [
{
"lessThan": "5.3.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38481",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T18:55:34.743333Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T18:59:55.991Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iDRAC Service Module (iSM)",
"vendor": "Dell",
"versions": [
{
"lessThanOrEqual": "5.3.0.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-07-31T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event."
}
],
"value": "Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T07:23:56.257Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-38481",
"datePublished": "2024-08-01T07:23:56.257Z",
"dateReserved": "2024-06-18T01:53:34.135Z",
"dateUpdated": "2024-08-01T18:59:55.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25948 (GCVE-0-2024-25948)
Vulnerability from nvd – Published: 2024-08-01 07:09 – Updated: 2024-08-01 19:03
VLAI
Summary
Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event.
Severity
4.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00022744… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | iDRAC Service Module (iSM) |
Affected:
N/A , ≤ 5.3.0.0
(semver)
|
|
| dell | emc_idrac_service_module |
Affected:
0 , < 5.3.0.0
(semver)
cpe:2.3:a:dell:emc_idrac_service_module:*:*:*:*:*:*:*:* |
Date Public
2024-07-31 06:30
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:dell:emc_idrac_service_module:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "emc_idrac_service_module",
"vendor": "dell",
"versions": [
{
"lessThan": "5.3.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25948",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T19:03:53.686975Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T19:03:59.148Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iDRAC Service Module (iSM)",
"vendor": "Dell",
"versions": [
{
"lessThanOrEqual": "5.3.0.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-07-31T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event."
}
],
"value": "Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T07:09:53.214Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-25948",
"datePublished": "2024-08-01T07:09:53.214Z",
"dateReserved": "2024-02-13T05:29:58.482Z",
"dateUpdated": "2024-08-01T19:03:59.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25947 (GCVE-0-2024-25947)
Vulnerability from nvd – Published: 2024-08-01 07:04 – Updated: 2024-08-01 13:14
VLAI
Summary
Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event.
Severity
4.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00022744… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | iDRAC Service Module (iSM) |
Affected:
N/A , ≤ 5.3.0.0
(semver)
|
Date Public
2024-07-31 06:30
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25947",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T13:14:31.977149Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T13:14:46.100Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iDRAC Service Module (iSM)",
"vendor": "Dell",
"versions": [
{
"lessThanOrEqual": "5.3.0.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-07-31T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event."
}
],
"value": "Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T07:04:14.332Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-25947",
"datePublished": "2024-08-01T07:04:14.332Z",
"dateReserved": "2024-02-13T05:29:58.482Z",
"dateUpdated": "2024-08-01T13:14:46.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22428 (GCVE-0-2024-22428)
Vulnerability from nvd – Published: 2024-01-16 04:02 – Updated: 2024-11-13 20:54
VLAI
Summary
Dell iDRAC Service Module, versions 5.2.0.0 and prior, contain an Incorrect Default Permissions vulnerability. It may allow a local unprivileged user to escalate privileges and execute arbitrary code on the affected system. Dell recommends customers upgrade at the earliest opportunity.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00022112… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | iDRAC Service Module (iSM) |
Affected:
5.1.0.0 , ≤ 5.2.0.0
(semver)
|
Date Public
2024-01-16 06:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:34.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000221129/dsa-2024-018-security-update-for-dell-idrac-service-module-for-weak-folder-permission-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22428",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-22T19:20:46.930200Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T20:54:09.106Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iDRAC Service Module (iSM)",
"vendor": "Dell",
"versions": [
{
"lessThanOrEqual": " 5.2.0.0",
"status": "affected",
"version": "5.1.0.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-01-16T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell iDRAC Service Module, versions 5.2.0.0 and prior, contain an Incorrect Default Permissions vulnerability.\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIt may allow a local unprivileged user to escalate privileges and execute arbitrary code on the affected system. Dell recommends customers upgrade at the earliest opportunity.\u003c/span\u003e\n\n"
}
],
"value": "\nDell iDRAC Service Module, versions 5.2.0.0 and prior, contain an Incorrect Default Permissions vulnerability.\u00a0It may allow a local unprivileged user to escalate privileges and execute arbitrary code on the affected system. Dell recommends customers upgrade at the earliest opportunity.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-07T11:28:37.259Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000221129/dsa-2024-018-security-update-for-dell-idrac-service-module-for-weak-folder-permission-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-22428",
"datePublished": "2024-01-16T04:02:01.593Z",
"dateReserved": "2024-01-10T15:23:01.337Z",
"dateUpdated": "2024-11-13T20:54:09.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-38743 (GCVE-0-2025-38743)
Vulnerability from cvelistv5 – Published: 2025-08-21 18:46 – Updated: 2026-02-26 17:48
VLAI
Summary
Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains a Buffer Access with Incorrect Length Value vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-805 - Buffer Access with Incorrect Length Value
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00035961… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | iDRAC Service Module (iSM) |
Affected:
N/A , < 6.0.3.0
(semver)
|
Date Public
2025-08-21 17:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-38743",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-22T03:55:46.643753Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:48:18.932Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iDRAC Service Module (iSM)",
"vendor": "Dell",
"versions": [
{
"lessThan": "6.0.3.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-08-21T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains a Buffer Access with Incorrect Length Value vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges.\u003c/span\u003e"
}
],
"value": "Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains a Buffer Access with Incorrect Length Value vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-805",
"description": "CWE-805: Buffer Access with Incorrect Length Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T18:46:41.317Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000359617/dsa-2025-311-security-update-for-dell-idrac-service-module-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2025-38743",
"datePublished": "2025-08-21T18:46:41.317Z",
"dateReserved": "2025-04-16T05:03:52.415Z",
"dateUpdated": "2026-02-26T17:48:18.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-38742 (GCVE-0-2025-38742)
Vulnerability from cvelistv5 – Published: 2025-08-21 18:42 – Updated: 2026-02-26 17:48
VLAI
Summary
Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.
Severity
5.3 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00035961… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | iDRAC Service Module (iSM) |
Affected:
N/A , < 6.0.3.0
(semver)
|
Date Public
2025-08-21 17:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-38742",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-22T03:55:51.245196Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:48:19.613Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iDRAC Service Module (iSM)",
"vendor": "Dell",
"versions": [
{
"lessThan": "6.0.3.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2025-08-21T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.\u003c/span\u003e"
}
],
"value": "Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-21T18:42:34.146Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000359617/dsa-2025-311-security-update-for-dell-idrac-service-module-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2025-38742",
"datePublished": "2025-08-21T18:42:34.146Z",
"dateReserved": "2025-04-16T05:03:52.415Z",
"dateUpdated": "2026-02-26T17:48:19.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-38481 (GCVE-0-2024-38481)
Vulnerability from cvelistv5 – Published: 2024-08-01 07:23 – Updated: 2024-08-01 18:59
VLAI
Summary
Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event.
Severity
4.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00022744… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | iDRAC Service Module (iSM) |
Affected:
N/A , ≤ 5.3.0.0
(semver)
|
|
| dell | emc_idrac_service_module |
Affected:
0 , < 5.3.0.0
(semver)
cpe:2.3:a:dell:emc_idrac_service_module:*:*:*:*:*:*:*:* |
Date Public
2024-07-31 06:30
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:dell:emc_idrac_service_module:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "emc_idrac_service_module",
"vendor": "dell",
"versions": [
{
"lessThan": "5.3.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38481",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T18:55:34.743333Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T18:59:55.991Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iDRAC Service Module (iSM)",
"vendor": "Dell",
"versions": [
{
"lessThanOrEqual": "5.3.0.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-07-31T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event."
}
],
"value": "Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T07:23:56.257Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-38481",
"datePublished": "2024-08-01T07:23:56.257Z",
"dateReserved": "2024-06-18T01:53:34.135Z",
"dateUpdated": "2024-08-01T18:59:55.991Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38490 (GCVE-0-2024-38490)
Vulnerability from cvelistv5 – Published: 2024-08-01 07:19 – Updated: 2024-08-01 18:59
VLAI
Summary
Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event.
Severity
5.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00022744… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | iDRAC Service Module (iSM) |
Affected:
N/A , ≤ 5.3.0.0
(semver)
|
|
| dell | emc_idrac_service_module |
Affected:
0 , ≤ 5.3.0.0
(semver)
cpe:2.3:a:dell:emc_idrac_service_module:*:*:*:*:*:*:*:* |
Date Public
2024-07-31 06:30
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:dell:emc_idrac_service_module:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "emc_idrac_service_module",
"vendor": "dell",
"versions": [
{
"lessThanOrEqual": "5.3.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38490",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T18:23:55.843814Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T18:59:51.674Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iDRAC Service Module (iSM)",
"vendor": "Dell",
"versions": [
{
"lessThanOrEqual": "5.3.0.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-07-31T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event."
}
],
"value": "Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T07:19:25.493Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-38490",
"datePublished": "2024-08-01T07:19:25.493Z",
"dateReserved": "2024-06-18T01:53:34.136Z",
"dateUpdated": "2024-08-01T18:59:51.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38489 (GCVE-0-2024-38489)
Vulnerability from cvelistv5 – Published: 2024-08-01 07:15 – Updated: 2024-08-01 13:20
VLAI
Summary
Dell iDRAC Service Module version 5.3.0.0 and prior contains Out of bound write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service (partial) event.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00022744… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | iDRAC Service Module (iSM) |
Affected:
N/A , ≤ 5.3.0.0
(semver)
|
Date Public
2024-07-31 06:30
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38489",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T13:20:18.927016Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T13:20:25.876Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iDRAC Service Module (iSM)",
"vendor": "Dell",
"versions": [
{
"lessThanOrEqual": "5.3.0.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-07-31T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell iDRAC Service Module version 5.3.0.0 and prior contains Out of bound write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service (partial) event."
}
],
"value": "Dell iDRAC Service Module version 5.3.0.0 and prior contains Out of bound write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service (partial) event."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T07:15:25.948Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-38489",
"datePublished": "2024-08-01T07:15:25.948Z",
"dateReserved": "2024-06-18T01:53:34.136Z",
"dateUpdated": "2024-08-01T13:20:25.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25948 (GCVE-0-2024-25948)
Vulnerability from cvelistv5 – Published: 2024-08-01 07:09 – Updated: 2024-08-01 19:03
VLAI
Summary
Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event.
Severity
4.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00022744… | vendor-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | iDRAC Service Module (iSM) |
Affected:
N/A , ≤ 5.3.0.0
(semver)
|
|
| dell | emc_idrac_service_module |
Affected:
0 , < 5.3.0.0
(semver)
cpe:2.3:a:dell:emc_idrac_service_module:*:*:*:*:*:*:*:* |
Date Public
2024-07-31 06:30
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:dell:emc_idrac_service_module:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "emc_idrac_service_module",
"vendor": "dell",
"versions": [
{
"lessThan": "5.3.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25948",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T19:03:53.686975Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T19:03:59.148Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iDRAC Service Module (iSM)",
"vendor": "Dell",
"versions": [
{
"lessThanOrEqual": "5.3.0.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-07-31T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event."
}
],
"value": "Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T07:09:53.214Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-25948",
"datePublished": "2024-08-01T07:09:53.214Z",
"dateReserved": "2024-02-13T05:29:58.482Z",
"dateUpdated": "2024-08-01T19:03:59.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25947 (GCVE-0-2024-25947)
Vulnerability from cvelistv5 – Published: 2024-08-01 07:04 – Updated: 2024-08-01 13:14
VLAI
Summary
Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event.
Severity
4.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00022744… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | iDRAC Service Module (iSM) |
Affected:
N/A , ≤ 5.3.0.0
(semver)
|
Date Public
2024-07-31 06:30
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25947",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T13:14:31.977149Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T13:14:46.100Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iDRAC Service Module (iSM)",
"vendor": "Dell",
"versions": [
{
"lessThanOrEqual": "5.3.0.0",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-07-31T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event."
}
],
"value": "Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-01T07:04:14.332Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000227444/dsa-2024-086-security-update-for-dell-idrac-service-module-for-memory-corruption-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-25947",
"datePublished": "2024-08-01T07:04:14.332Z",
"dateReserved": "2024-02-13T05:29:58.482Z",
"dateUpdated": "2024-08-01T13:14:46.100Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22428 (GCVE-0-2024-22428)
Vulnerability from cvelistv5 – Published: 2024-01-16 04:02 – Updated: 2024-11-13 20:54
VLAI
Summary
Dell iDRAC Service Module, versions 5.2.0.0 and prior, contain an Incorrect Default Permissions vulnerability. It may allow a local unprivileged user to escalate privileges and execute arbitrary code on the affected system. Dell recommends customers upgrade at the earliest opportunity.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.dell.com/support/kbdoc/en-us/00022112… | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Dell | iDRAC Service Module (iSM) |
Affected:
5.1.0.0 , ≤ 5.2.0.0
(semver)
|
Date Public
2024-01-16 06:30
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:34.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000221129/dsa-2024-018-security-update-for-dell-idrac-service-module-for-weak-folder-permission-vulnerabilities"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22428",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-22T19:20:46.930200Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T20:54:09.106Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iDRAC Service Module (iSM)",
"vendor": "Dell",
"versions": [
{
"lessThanOrEqual": " 5.2.0.0",
"status": "affected",
"version": "5.1.0.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-01-16T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eDell iDRAC Service Module, versions 5.2.0.0 and prior, contain an Incorrect Default Permissions vulnerability.\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIt may allow a local unprivileged user to escalate privileges and execute arbitrary code on the affected system. Dell recommends customers upgrade at the earliest opportunity.\u003c/span\u003e\n\n"
}
],
"value": "\nDell iDRAC Service Module, versions 5.2.0.0 and prior, contain an Incorrect Default Permissions vulnerability.\u00a0It may allow a local unprivileged user to escalate privileges and execute arbitrary code on the affected system. Dell recommends customers upgrade at the earliest opportunity.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276: Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-07T11:28:37.259Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000221129/dsa-2024-018-security-update-for-dell-idrac-service-module-for-weak-folder-permission-vulnerabilities"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-22428",
"datePublished": "2024-01-16T04:02:01.593Z",
"dateReserved": "2024-01-10T15:23:01.337Z",
"dateUpdated": "2024-11-13T20:54:09.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}