20 vulnerabilities found for iDRAC8 by Dell
CVE-2024-3411 (GCVE-0-2024-3411)
Vulnerability from cvelistv5 – Published: 2024-04-30 18:39 – Updated: 2025-11-04 17:20
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:intel:*:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "*",
"vendor": "intel",
"versions": [
{
"status": "affected",
"version": "IPMI 2.0, revision 1.1E7"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-3411",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T15:09:39.893298Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-331",
"description": "CWE-331 Insufficient Entropy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T21:17:11.689Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:20:29.012Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/163057"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.intel.la/content/dam/www/public/us/en/documents/specification-updates/ipmi-intelligent-platform-mgt-interface-spec-2nd-gen-v2-0-spec-update.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-US/000226504/dsa-2024-295-security-update-for-dell-idrac8-ipmi-session-vulnerability"
},
{
"url": "https://www.kb.cert.org/vuls/id/163057"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iDRAC8",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "2.86.86.86"
}
]
},
{
"product": "IPMI",
"vendor": "Intel",
"versions": [
{
"status": "affected",
"version": "2.0, revision 1.1E7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Implementations of IPMI Authenticated sessions does not provide enough randomness to protect from session hijacking, allowing an attacker to use either predictable IPMI Session ID or weak BMC Random Number to bypass security controls using spoofed IPMI packets to manage BMC device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-331 Insufficient Entropy",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-03T20:35:33.625Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/163057"
},
{
"url": "https://www.intel.la/content/dam/www/public/us/en/documents/specification-updates/ipmi-intelligent-platform-mgt-interface-spec-2nd-gen-v2-0-spec-update.pdf"
},
{
"url": "https://www.dell.com/support/kbdoc/en-US/000226504/dsa-2024-295-security-update-for-dell-idrac8-ipmi-session-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insufficient Randomness When Validating an IPMI Authenticated Session",
"x_generator": {
"engine": "VINCE 3.0.4",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2024-3411"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2024-3411",
"datePublished": "2024-04-30T18:39:36.861Z",
"dateReserved": "2024-04-05T20:48:24.306Z",
"dateUpdated": "2025-11-04T17:20:29.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-25951 (GCVE-0-2024-25951)
Vulnerability from cvelistv5 – Published: 2024-03-09 05:56 – Updated: 2024-08-22 19:03
- CWE-1288 - Improper Validation of Consistency within Input
| Vendor | Product | Version |
|---|---|---|
| Dell | Integrated Dell Remote Access Controller 8 | Affected: N/A, < 2.85.85.85 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:52:06.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000222591/dsa-2024-089-security-update-for-dell-idrac8-local-racadm-vulnerability"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:dell:integrated_dell_remote_access_controller_8:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "integrated_dell_remote_access_controller_8",
"vendor": "dell",
"versions": [
{
"lessThan": "2.85.85.85",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25951",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-12T15:48:58.988184Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T19:03:56.178Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Integrated Dell Remote Access Controller 8",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.85.85.85",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "NCC Group"
}
],
"datePublic": "2024-02-29T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system."
}
],
"value": "A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1288",
"description": "CWE-1288: Improper Validation of Consistency within Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-09T05:56:20.143Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000222591/dsa-2024-089-security-update-for-dell-idrac8-local-racadm-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-25951",
"datePublished": "2024-03-09T05:56:20.143Z",
"dateReserved": "2024-02-13T05:29:58.482Z",
"dateUpdated": "2024-08-22T19:03:56.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3411 (GCVE-0-2024-3411)
Vulnerability from nvd – Published: 2024-04-30 18:39 – Updated: 2025-11-04 17:20
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:intel:*:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "*",
"vendor": "intel",
"versions": [
{
"status": "affected",
"version": "IPMI 2.0, revision 1.1E7"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-3411",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T15:09:39.893298Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-331",
"description": "CWE-331 Insufficient Entropy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T21:17:11.689Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T17:20:29.012Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/163057"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.intel.la/content/dam/www/public/us/en/documents/specification-updates/ipmi-intelligent-platform-mgt-interface-spec-2nd-gen-v2-0-spec-update.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-US/000226504/dsa-2024-295-security-update-for-dell-idrac8-ipmi-session-vulnerability"
},
{
"url": "https://www.kb.cert.org/vuls/id/163057"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iDRAC8",
"vendor": "Dell",
"versions": [
{
"status": "affected",
"version": "2.86.86.86"
}
]
},
{
"product": "IPMI",
"vendor": "Intel",
"versions": [
{
"status": "affected",
"version": "2.0, revision 1.1E7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Implementations of IPMI Authenticated sessions does not provide enough randomness to protect from session hijacking, allowing an attacker to use either predictable IPMI Session ID or weak BMC Random Number to bypass security controls using spoofed IPMI packets to manage BMC device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-331 Insufficient Entropy",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-03T20:35:33.625Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://kb.cert.org/vuls/id/163057"
},
{
"url": "https://www.intel.la/content/dam/www/public/us/en/documents/specification-updates/ipmi-intelligent-platform-mgt-interface-spec-2nd-gen-v2-0-spec-update.pdf"
},
{
"url": "https://www.dell.com/support/kbdoc/en-US/000226504/dsa-2024-295-security-update-for-dell-idrac8-ipmi-session-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insufficient Randomness When Validating an IPMI Authenticated Session",
"x_generator": {
"engine": "VINCE 3.0.4",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2024-3411"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2024-3411",
"datePublished": "2024-04-30T18:39:36.861Z",
"dateReserved": "2024-04-05T20:48:24.306Z",
"dateUpdated": "2025-11-04T17:20:29.012Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-25951 (GCVE-0-2024-25951)
Vulnerability from nvd – Published: 2024-03-09 05:56 – Updated: 2024-08-22 19:03
- CWE-1288 - Improper Validation of Consistency within Input
| Vendor | Product | Version |
|---|---|---|
| Dell | Integrated Dell Remote Access Controller 8 | Affected: N/A, < 2.85.85.85 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:52:06.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000222591/dsa-2024-089-security-update-for-dell-idrac8-local-racadm-vulnerability"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:dell:integrated_dell_remote_access_controller_8:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "integrated_dell_remote_access_controller_8",
"vendor": "dell",
"versions": [
{
"lessThan": "2.85.85.85",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25951",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-12T15:48:58.988184Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T19:03:56.178Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Integrated Dell Remote Access Controller 8",
"vendor": "Dell",
"versions": [
{
"lessThan": "2.85.85.85",
"status": "affected",
"version": "N/A",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "NCC Group"
}
],
"datePublic": "2024-02-29T06:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system."
}
],
"value": "A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1288",
"description": "CWE-1288: Improper Validation of Consistency within Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-09T05:56:20.143Z",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000222591/dsa-2024-089-security-update-for-dell-idrac8-local-racadm-vulnerability"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2024-25951",
"datePublished": "2024-03-09T05:56:20.143Z",
"dateReserved": "2024-02-13T05:29:58.482Z",
"dateUpdated": "2024-08-22T19:03:56.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2024-25951
Vulnerability from fkie_nvd - Published: 2024-03-09 06:15 - Updated: 2025-01-31 16:07
8.0 (High) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:idrac8:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC4DEB2-97C8-4126-AED8-FA9E028CB25B",
"versionEndExcluding": "2.85.85.85",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos en RACADM local. Un usuario autenticado malintencionado podr\u00eda obtener el control del sistema operativo subyacente."
}
],
"id": "CVE-2024-25951",
"lastModified": "2025-01-31T16:07:35.397",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-03-09T06:15:50.797",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000222591/dsa-2024-089-security-update-for-dell-idrac8-local-racadm-vulnerability"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.dell.com/support/kbdoc/en-us/000222591/dsa-2024-089-security-update-for-dell-idrac8-local-racadm-vulnerability"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1288"
}
],
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
VAR-201704-0164
Vulnerability from variot - Updated: 2023-12-18 14:01
Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has a format string issue in racadm getsystinfo. Dell iDRAC7 and iDRAC8 contain a format string vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Multiple Dell iDRAC products are prone to a remote format-string vulnerability. Remote attackers can exploit this issue to execute arbitrary code in the context of the application or cause denial-of-service conditions.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0164",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integrated remote access controller",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "2.20.20.20"
},
{
"model": "idrac7",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "2.21.21.21"
},
{
"model": "idrac8",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "2.21.21.21"
},
{
"model": "integrated remote access controller",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "2.20.20.20"
},
{
"model": "idrac8",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "1.4"
},
{
"model": "idrac7",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "1.57.57"
},
{
"model": "idrac7",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "1.56.55"
},
{
"model": "idrac8",
"scope": "ne",
"trust": 0.3,
"vendor": "dell",
"version": "2.21.21.21"
},
{
"model": "idrac7",
"scope": "ne",
"trust": 0.3,
"vendor": "dell",
"version": "2.21.21.21"
}
],
"sources": [
{
"db": "BID",
"id": "97561"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007495"
},
{
"db": "NVD",
"id": "CVE-2015-7271"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-536"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dell:integrated_remote_access_controller_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.20.20.20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dell:integrated_remote_access_controller_8:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:dell:integrated_remote_access_controller_7:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7271"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "97561"
}
],
"trust": 0.3
},
"cve": "CVE-2015-7271",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-7271",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-85232",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2015-7271",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-7271",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-536",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-85232",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-7271",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85232"
},
{
"db": "VULMON",
"id": "CVE-2015-7271"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007495"
},
{
"db": "NVD",
"id": "CVE-2015-7271"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-536"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has a format string issue in racadm getsystinfo. Dell iDRAC7 and iDRAC8 Contains a format string vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Multiple Dell iDRAC Products are prone to a remote format-string vulnerability. \nRemote attackers can exploit this issue to execute arbitrary code in the context of the application or cause denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7271"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007495"
},
{
"db": "BID",
"id": "97561"
},
{
"db": "VULHUB",
"id": "VHN-85232"
},
{
"db": "VULMON",
"id": "CVE-2015-7271"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7271",
"trust": 2.9
},
{
"db": "BID",
"id": "97561",
"trust": 1.5
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007495",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-536",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-85232",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-7271",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85232"
},
{
"db": "VULMON",
"id": "CVE-2015-7271"
},
{
"db": "BID",
"id": "97561"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007495"
},
{
"db": "NVD",
"id": "CVE-2015-7271"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-536"
}
]
},
"id": "VAR-201704-0164",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-85232"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T14:01:39.731000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dell iDRAC Response to CVE (Common Vulnerabilities and Exposures) ID CVE-2015-7270, 7271, 7272, 7273, 7274, and 7275 - 2 DEC 2015",
"trust": 0.8,
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20441859"
},
{
"title": "Dell Integrated Remote Access Controller 7 and 8 Fixes for formatting string vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70170"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/chnzzh/idrac-cve-lib "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-7271"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007495"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-536"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-134",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007495"
},
{
"db": "NVD",
"id": "CVE-2015-7271"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20441859"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/97561"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7271"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7271"
},
{
"trust": 0.3,
"url": "http://dell.com"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/134.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/chnzzh/idrac-cve-lib"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85232"
},
{
"db": "VULMON",
"id": "CVE-2015-7271"
},
{
"db": "BID",
"id": "97561"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007495"
},
{
"db": "NVD",
"id": "CVE-2015-7271"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-536"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-85232"
},
{
"db": "VULMON",
"id": "CVE-2015-7271"
},
{
"db": "BID",
"id": "97561"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007495"
},
{
"db": "NVD",
"id": "CVE-2015-7271"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-536"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-10T00:00:00",
"db": "VULHUB",
"id": "VHN-85232"
},
{
"date": "2017-04-10T00:00:00",
"db": "VULMON",
"id": "CVE-2015-7271"
},
{
"date": "2017-04-09T00:00:00",
"db": "BID",
"id": "97561"
},
{
"date": "2017-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007495"
},
{
"date": "2017-04-10T03:59:00.780000",
"db": "NVD",
"id": "CVE-2015-7271"
},
{
"date": "2017-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-536"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-14T00:00:00",
"db": "VULHUB",
"id": "VHN-85232"
},
{
"date": "2017-04-14T00:00:00",
"db": "VULMON",
"id": "CVE-2015-7271"
},
{
"date": "2017-04-18T00:04:00",
"db": "BID",
"id": "97561"
},
{
"date": "2017-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007495"
},
{
"date": "2017-04-14T13:40:41.957000",
"db": "NVD",
"id": "CVE-2015-7271"
},
{
"date": "2017-11-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-536"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-536"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell iDRAC7 and iDRAC8 Vulnerabilities related to format strings",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007495"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "format string",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-536"
}
],
"trust": 0.6
}
}
VAR-201803-1416
Vulnerability from variot - Updated: 2023-12-18 13:57
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in their Web server's URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings from the iDRAC by querying specific URI strings. Dell EMC iDRAC7 and iDRAC8 contain a path traversal vulnerability. Information may be obtained. Multiple Dell products are prone to a directory-traversal vulnerability. Remote attackers may use a specially crafted request with directory-traversal sequences ('../') to retrieve sensitive information. This may aid in further attacks. iDRAC provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems. The Web server is one of its web server components, and the URI parser is one of its URI parsers.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1416",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "emc idrac7",
"scope": "lt",
"trust": 1.8,
"vendor": "dell",
"version": "2.52.52.52"
},
{
"model": "emc idrac8",
"scope": "lt",
"trust": 1.8,
"vendor": "dell",
"version": "2.52.52.52"
},
{
"model": "idrac8",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "2.40.40.40"
},
{
"model": "idrac8",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "2.30.30.30"
},
{
"model": "idrac8",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "2.30"
},
{
"model": "idrac8",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "2.21.21.21"
},
{
"model": "idrac8",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "1.4"
},
{
"model": "idrac7",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "2.40.40.40"
},
{
"model": "idrac7",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "2.30.30.30"
},
{
"model": "idrac7",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "2.30"
},
{
"model": "idrac7",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "2.21.21.21"
},
{
"model": "idrac7",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "1.57.57"
},
{
"model": "idrac7",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "1.56.55"
},
{
"model": "idrac8",
"scope": "ne",
"trust": 0.3,
"vendor": "dell",
"version": "2.52.52.52"
},
{
"model": "idrac7",
"scope": "ne",
"trust": 0.3,
"vendor": "dell",
"version": "2.52.52.52"
}
],
"sources": [
{
"db": "BID",
"id": "103768"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003352"
},
{
"db": "NVD",
"id": "CVE-2018-1211"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:dell:emc_idrac8:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.52.52.52",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:emc_idrac7:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.52.52.52",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-1211"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Immunity Team (Immunity Inc.)",
"sources": [
{
"db": "BID",
"id": "103768"
}
],
"trust": 0.3
},
"cve": "CVE-2018-1211",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-1211",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-122036",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-1211",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-1211",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-908",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-122036",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-1211",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122036"
},
{
"db": "VULMON",
"id": "CVE-2018-1211"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003352"
},
{
"db": "NVD",
"id": "CVE-2018-1211"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-908"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server\u0027s URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings from the iDRAC by querying specific URI strings. Dell EMC iDRAC7 and iDRAC8 Contains a path traversal vulnerability.Information may be obtained. Multiple Dell Products are prone to a directory-traversal vulnerability. \nRemote attackers may use a specially crafted request with directory-traversal sequences (\u0027../\u0027) to retrieve sensitive information. This may aid in further attacks. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems. Web server is one of the web servers. URI parser is one of the URI parsers",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-1211"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003352"
},
{
"db": "BID",
"id": "103768"
},
{
"db": "VULHUB",
"id": "VHN-122036"
},
{
"db": "VULMON",
"id": "CVE-2018-1211"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-1211",
"trust": 2.9
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003352",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-908",
"trust": 0.7
},
{
"db": "BID",
"id": "103768",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-122036",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-1211",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122036"
},
{
"db": "VULMON",
"id": "CVE-2018-1211"
},
{
"db": "BID",
"id": "103768"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003352"
},
{
"db": "NVD",
"id": "CVE-2018-1211"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-908"
}
]
},
"id": "VAR-201803-1416",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-122036"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:57:05.962000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dell EMC iDRAC Response to Common Vulnerabilities and Exposures CVE-2018-1207, CVE-2018-1211, and CVE-2018-1000116 [20 March 2018]",
"trust": 0.8,
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20485410"
},
{
"title": "Dell EMC iDRAC7 and iDRAC8 Web server URI Fixes for resolver path traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79405"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/chnzzh/idrac-cve-lib "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-1211"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003352"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-908"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122036"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003352"
},
{
"db": "NVD",
"id": "CVE-2018-1211"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20485410"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1211"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1211"
},
{
"trust": 0.3,
"url": "http://dell.com"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/chnzzh/idrac-cve-lib"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122036"
},
{
"db": "VULMON",
"id": "CVE-2018-1211"
},
{
"db": "BID",
"id": "103768"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003352"
},
{
"db": "NVD",
"id": "CVE-2018-1211"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-908"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-122036"
},
{
"db": "VULMON",
"id": "CVE-2018-1211"
},
{
"db": "BID",
"id": "103768"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003352"
},
{
"db": "NVD",
"id": "CVE-2018-1211"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-908"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-23T00:00:00",
"db": "VULHUB",
"id": "VHN-122036"
},
{
"date": "2018-03-23T00:00:00",
"db": "VULMON",
"id": "CVE-2018-1211"
},
{
"date": "2018-03-20T00:00:00",
"db": "BID",
"id": "103768"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003352"
},
{
"date": "2018-03-23T14:29:00.353000",
"db": "NVD",
"id": "CVE-2018-1211"
},
{
"date": "2018-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-908"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-04-19T00:00:00",
"db": "VULHUB",
"id": "VHN-122036"
},
{
"date": "2018-04-19T00:00:00",
"db": "VULMON",
"id": "CVE-2018-1211"
},
{
"date": "2018-03-20T00:00:00",
"db": "BID",
"id": "103768"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003352"
},
{
"date": "2018-04-19T14:55:46.837000",
"db": "NVD",
"id": "CVE-2018-1211"
},
{
"date": "2018-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-908"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-908"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell EMC iDRAC7 and iDRAC8 Path traversal vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003352"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-908"
}
],
"trust": 0.6
}
}
VAR-201704-0166
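Vulnerability from variot - Updated: 2023-12-18 13:48
Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE. An XML external entity vulnerability exists in Dell iDRAC7 and iDRAC8. Information may be obtained, information may be altered, and a denial-of-service (DoS) attack may be carried out. A cross-site scripting vulnerability exists in Dell iDRAC 7 and 8 prior to 2.21.21.21. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML. (Note: the sources aggregated in this record disagree on the weakness class: the problem type is CWE-611, XML external entity, while the CNNVD-sourced type field and patch title say cross-site scripting. Check the vendor advisory referenced in the record before relying on either classification.)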
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0166",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integrated remote access controller",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "2.20.20.20"
},
{
"model": "idrac7",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "2.21.21.21"
},
{
"model": "idrac8",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "2.21.21.21"
},
{
"model": "integrated remote access controller",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "2.20.20.20"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007497"
},
{
"db": "NVD",
"id": "CVE-2015-7273"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-534"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dell:integrated_remote_access_controller_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.20.20.20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dell:integrated_remote_access_controller_8:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:dell:integrated_remote_access_controller_7:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7273"
}
]
},
"cve": "CVE-2015-7273",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-7273",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-85234",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2015-7273",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-7273",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-534",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-85234",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-7273",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85234"
},
{
"db": "VULMON",
"id": "CVE-2015-7273"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007497"
},
{
"db": "NVD",
"id": "CVE-2015-7273"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-534"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE. Dell iDRAC7 and iDRAC8 Is XML An external entity vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. A cross-site scripting vulnerability exists in Dell iDRAC 7 and 8 prior to 2.21.21.21. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7273"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007497"
},
{
"db": "VULHUB",
"id": "VHN-85234"
},
{
"db": "VULMON",
"id": "CVE-2015-7273"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7273",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007497",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-534",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-85234",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-7273",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85234"
},
{
"db": "VULMON",
"id": "CVE-2015-7273"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007497"
},
{
"db": "NVD",
"id": "CVE-2015-7273"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-534"
}
]
},
"id": "VAR-201704-0166",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-85234"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:48:39.996000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dell iDRAC Response to CVE (Common Vulnerabilities and Exposures) ID CVE-2015-7270, 7271, 7272, 7273, 7274, and 7275 - 2 DEC 2015",
"trust": 0.8,
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20441859"
},
{
"title": "Dell Integrated Remote Access Controller 7 and 8 Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70168"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/chnzzh/idrac-cve-lib "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-7273"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007497"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-534"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-611",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85234"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007497"
},
{
"db": "NVD",
"id": "CVE-2015-7273"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20441859"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7273"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7273"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/611.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/chnzzh/idrac-cve-lib"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85234"
},
{
"db": "VULMON",
"id": "CVE-2015-7273"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007497"
},
{
"db": "NVD",
"id": "CVE-2015-7273"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-534"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-85234"
},
{
"db": "VULMON",
"id": "CVE-2015-7273"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007497"
},
{
"db": "NVD",
"id": "CVE-2015-7273"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-534"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-10T00:00:00",
"db": "VULHUB",
"id": "VHN-85234"
},
{
"date": "2017-04-10T00:00:00",
"db": "VULMON",
"id": "CVE-2015-7273"
},
{
"date": "2017-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007497"
},
{
"date": "2017-04-10T03:59:00.827000",
"db": "NVD",
"id": "CVE-2015-7273"
},
{
"date": "2017-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-534"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-14T00:00:00",
"db": "VULHUB",
"id": "VHN-85234"
},
{
"date": "2017-04-14T00:00:00",
"db": "VULMON",
"id": "CVE-2015-7273"
},
{
"date": "2017-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007497"
},
{
"date": "2017-04-14T13:26:58.773000",
"db": "NVD",
"id": "CVE-2015-7273"
},
{
"date": "2017-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-534"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-534"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell iDRAC7 and iDRAC8 In XML External entity vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007497"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-534"
}
],
"trust": 0.6
}
}
VAR-201807-1252
Vulnerability from variot - Updated: 2023-12-18 13:33
Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to perform brute-force session guessing attacks. Multiple Dell iDRAC products contain a security check vulnerability. Information may be obtained. Dell EMC iDRAC6 and others are system management solutions from Dell, including hardware and software. These solutions provide functions such as remote management, crash recovery and power control for Dell PowerEdge systems. Attackers can exploit this vulnerability to perform brute-force attacks on user sessions.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-1252",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "idrac6",
"scope": "lt",
"trust": 1.8,
"vendor": "dell",
"version": "2.91"
},
{
"model": "idrac7",
"scope": "lt",
"trust": 1.8,
"vendor": "dell",
"version": "2.60.60.60"
},
{
"model": "idrac8",
"scope": "lt",
"trust": 1.8,
"vendor": "dell",
"version": "2.60.60.60"
},
{
"model": "idrac9",
"scope": "lt",
"trust": 1.8,
"vendor": "dell",
"version": "3.21.21.21"
},
{
"model": "idrac7",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "1.10.10"
},
{
"model": "idrac7",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "1.23.23"
},
{
"model": "idrac7",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "1.00.00"
},
{
"model": "idrac6",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "1.7"
},
{
"model": "idrac7",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "1.40.40"
},
{
"model": "idrac7",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "1.06.06"
},
{
"model": "idrac7",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "1.20.20"
},
{
"model": "idrac7",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "1.37.35"
},
{
"model": "idrac6",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "1.8"
},
{
"model": "idrac6",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "1.95"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007907"
},
{
"db": "NVD",
"id": "CVE-2018-1243"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-058"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dell:idrac6_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.91",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dell:idrac9_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.21.21.21",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dell:idrac8_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.60.60.60",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dell:idrac7_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.60.60.60",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-1243"
}
]
},
"cve": "CVE-2018-1243",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-1243",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-122388",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "security_alert@emc.com",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-1243",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-1243",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2018-1243",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-058",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-122388",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-1243",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122388"
},
{
"db": "VULMON",
"id": "CVE-2018-1243"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007907"
},
{
"db": "NVD",
"id": "CVE-2018-1243"
},
{
"db": "NVD",
"id": "CVE-2018-1243"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-058"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to perform bruteforce session guessing attacks. plural Dell iDRAC The product contains a security check vulnerability.Information may be obtained. Dell EMC iDRAC6 and others are system management solutions of Dell (Dell), including hardware and software. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems. Attackers can exploit this vulnerability to perform brute force attacks on user sessions",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-1243"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007907"
},
{
"db": "VULHUB",
"id": "VHN-122388"
},
{
"db": "VULMON",
"id": "CVE-2018-1243"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-1243",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007907",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201807-058",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-122388",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-1243",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122388"
},
{
"db": "VULMON",
"id": "CVE-2018-1243"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007907"
},
{
"db": "NVD",
"id": "CVE-2018-1243"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-058"
}
]
},
"id": "VAR-201807-1252",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-122388"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:33:47.911000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "iDRAC9 Home",
"trust": 0.8,
"url": "https://www.dell.com/support/article/jp/ja/jpdhs1/sln311300/idrac9-home?lang=ja"
},
{
"title": "Multiple Dell Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=81664"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/chnzzh/idrac-cve-lib "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-1243"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007907"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-058"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-358",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122388"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007907"
},
{
"db": "NVD",
"id": "CVE-2018-1243"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1243"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1243"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/358.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/chnzzh/idrac-cve-lib"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122388"
},
{
"db": "VULMON",
"id": "CVE-2018-1243"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007907"
},
{
"db": "NVD",
"id": "CVE-2018-1243"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-058"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-122388"
},
{
"db": "VULMON",
"id": "CVE-2018-1243"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007907"
},
{
"db": "NVD",
"id": "CVE-2018-1243"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-058"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-02T00:00:00",
"db": "VULHUB",
"id": "VHN-122388"
},
{
"date": "2018-07-02T00:00:00",
"db": "VULMON",
"id": "CVE-2018-1243"
},
{
"date": "2018-10-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007907"
},
{
"date": "2018-07-02T17:29:00.347000",
"db": "NVD",
"id": "CVE-2018-1243"
},
{
"date": "2018-07-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-058"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-122388"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2018-1243"
},
{
"date": "2018-10-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007907"
},
{
"date": "2019-10-09T23:38:16.460000",
"db": "NVD",
"id": "CVE-2018-1243"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-058"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-058"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Dell iDRAC Vulnerabilities related to security checks in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007907"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "security feature problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-058"
}
],
"trust": 0.6
}
}
VAR-201807-1253
Vulnerability from variot - Updated: 2023-12-18 13:28
Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. A remote authenticated malicious iDRAC user with configuration privileges could potentially exploit this vulnerability to execute arbitrary commands on the iDRAC where SNMP alerting is enabled. Dell EMC iDRAC7, iDRAC8, and iDRAC9 contain a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Multiple Dell EMC products are prone to a remote command-injection vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. The iDRAC solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems. Per the version bounds in this record, firmware 2.60.60.60 or later (iDRAC7/iDRAC8) and 3.21.21.21 or later (iDRAC9) falls outside the affected range.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-1253",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "idrac7",
"scope": "lt",
"trust": 1.8,
"vendor": "dell",
"version": "2.60.60.60"
},
{
"model": "idrac8",
"scope": "lt",
"trust": 1.8,
"vendor": "dell",
"version": "2.60.60.60"
},
{
"model": "idrac9",
"scope": "lt",
"trust": 1.8,
"vendor": "dell",
"version": "3.21.21.21"
},
{
"model": "idrac7",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "1.10.10"
},
{
"model": "idrac7",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "1.23.23"
},
{
"model": "idrac7",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "1.00.00"
},
{
"model": "idrac7",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "1.40.40"
},
{
"model": "idrac7",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "1.06.06"
},
{
"model": "idrac7",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "1.20.20"
},
{
"model": "idrac7",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "1.37.35"
},
{
"model": "emc idrac9",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "3.0"
},
{
"model": "emc idrac8",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "2.52.52.52"
},
{
"model": "emc idrac7",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "2.52.52.52"
},
{
"model": "emc idrac9",
"scope": "ne",
"trust": 0.3,
"vendor": "dell",
"version": "3.21.21.21"
},
{
"model": "emc idrac8",
"scope": "ne",
"trust": 0.3,
"vendor": "dell",
"version": "2.60.60.60"
},
{
"model": "emc idrac7",
"scope": "ne",
"trust": 0.3,
"vendor": "dell",
"version": "2.60.60.60"
}
],
"sources": [
{
"db": "BID",
"id": "104964"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007908"
},
{
"db": "NVD",
"id": "CVE-2018-1244"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-057"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dell:idrac9_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.21.21.21",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dell:idrac7_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.60.60.60",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dell:idrac8_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.60.60.60",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-1244"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported these issues.",
"sources": [
{
"db": "BID",
"id": "104964"
}
],
"trust": 0.3
},
"cve": "CVE-2018-1244",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-1244",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-122399",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-1244",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-1244",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2018-1244",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-057",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-122399",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-1244",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122399"
},
{
"db": "VULMON",
"id": "CVE-2018-1244"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007908"
},
{
"db": "NVD",
"id": "CVE-2018-1244"
},
{
"db": "NVD",
"id": "CVE-2018-1244"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-057"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. A remote authenticated malicious iDRAC user with configuration privileges could potentially exploit this vulnerability to execute arbitrary commands on the iDRAC where SNMP alerting is enabled. Dell EMC iDRAC7 , iDRAC8 ,and iDRAC9 Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Multiple Dell EMC Products are prone to remote command-injection vulnerability. \nSuccessfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-1244"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007908"
},
{
"db": "BID",
"id": "104964"
},
{
"db": "VULHUB",
"id": "VHN-122399"
},
{
"db": "VULMON",
"id": "CVE-2018-1244"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "104964",
"trust": 2.9
},
{
"db": "NVD",
"id": "CVE-2018-1244",
"trust": 2.9
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007908",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201807-057",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-122399",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-1244",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122399"
},
{
"db": "VULMON",
"id": "CVE-2018-1244"
},
{
"db": "BID",
"id": "104964"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007908"
},
{
"db": "NVD",
"id": "CVE-2018-1244"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-057"
}
]
},
"id": "VAR-201807-1253",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-122399"
}
],
"trust": 0.6769231
},
"last_update_date": "2023-12-18T13:28:50.206000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "iDRAC9 Home",
"trust": 0.8,
"url": "https://www.dell.com/support/article/jp/ja/jpdhs1/sln311300/idrac9-home?lang=ja"
},
{
"title": "Dell EMC iDRAC7 , iDRAC8 and iDRAC9 Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=81663"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/chnzzh/idrac-cve-lib "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-1244"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007908"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-057"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122399"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007908"
},
{
"db": "NVD",
"id": "CVE-2018-1244"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.securityfocus.com/bid/104964"
},
{
"trust": 2.1,
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1244"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1244"
},
{
"trust": 0.3,
"url": "http://www.emc.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/77.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/chnzzh/idrac-cve-lib"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-122399"
},
{
"db": "VULMON",
"id": "CVE-2018-1244"
},
{
"db": "BID",
"id": "104964"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007908"
},
{
"db": "NVD",
"id": "CVE-2018-1244"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-057"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-122399"
},
{
"db": "VULMON",
"id": "CVE-2018-1244"
},
{
"db": "BID",
"id": "104964"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007908"
},
{
"db": "NVD",
"id": "CVE-2018-1244"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-057"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-02T00:00:00",
"db": "VULHUB",
"id": "VHN-122399"
},
{
"date": "2018-07-02T00:00:00",
"db": "VULMON",
"id": "CVE-2018-1244"
},
{
"date": "2018-08-06T00:00:00",
"db": "BID",
"id": "104964"
},
{
"date": "2018-10-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007908"
},
{
"date": "2018-07-02T17:29:00.380000",
"db": "NVD",
"id": "CVE-2018-1244"
},
{
"date": "2018-07-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-057"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-122399"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2018-1244"
},
{
"date": "2018-08-06T00:00:00",
"db": "BID",
"id": "104964"
},
{
"date": "2018-10-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007908"
},
{
"date": "2019-10-09T23:38:16.587000",
"db": "NVD",
"id": "CVE-2018-1244"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-057"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-057"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Dell iDRAC Command injection vulnerability in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007908"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-057"
}
],
"trust": 0.6
}
}
VAR-201812-0038
Vulnerability from variot - Updated: 2023-12-18 13:23
Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the Redfish interface to gain administrator access. Dell EMC iDRAC7, iDRAC8, and iDRAC9 contain vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Dell EMC iDRAC is prone to the following security vulnerabilities: 1. A privilege-escalation vulnerability. 2. (The second item is missing from this record.) Dell EMC iDRAC7, iDRAC8 and iDRAC9 are all system management solutions from Dell, including hardware and software. These solutions provide functions such as remote management, crash recovery and power control for Dell PowerEdge systems.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201812-0038",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "idrac7",
"scope": "lt",
"trust": 1.8,
"vendor": "dell",
"version": "2.61.60.60"
},
{
"model": "idrac8",
"scope": "lt",
"trust": 1.8,
"vendor": "dell",
"version": "2.61.60.60"
},
{
"model": "idrac9",
"scope": "lt",
"trust": 1.8,
"vendor": "dell",
"version": "3.20.21.20"
},
{
"model": "idrac9",
"scope": "lt",
"trust": 1.8,
"vendor": "dell",
"version": "3.21.24.22"
},
{
"model": "idrac9",
"scope": "gte",
"trust": 1.0,
"vendor": "dell",
"version": "3.21.21.21"
},
{
"model": "idrac9",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "3.21.26.22"
},
{
"model": "idrac9",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "3.23.23.23"
},
{
"model": "idrac9",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "3.20.20.20"
},
{
"model": "idrac9",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "3.19.19.19"
},
{
"model": "idrac9",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "3.18.18.18"
},
{
"model": "idrac9",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "3.17.20.17"
},
{
"model": "idrac9",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "3.17.18.17"
},
{
"model": "idrac9",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "3.17.17.17"
},
{
"model": "idrac9",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "3.16.16.16"
},
{
"model": "idrac9",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "3.15.19.15"
},
{
"model": "idrac9",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "3.15.17.15"
},
{
"model": "idrac9",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "3.15.15.15"
},
{
"model": "idrac9",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "3.11.11.11"
},
{
"model": "idrac9",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "3.00.00.00"
},
{
"model": "idrac8",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "0"
},
{
"model": "idrac7",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "0"
},
{
"model": "idrac6",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "0"
},
{
"model": "idrac9",
"scope": "ne",
"trust": 0.3,
"vendor": "dell",
"version": "3.23.23.23"
},
{
"model": "idrac9",
"scope": "ne",
"trust": 0.3,
"vendor": "dell",
"version": "3.21.26.22"
},
{
"model": "idrac9",
"scope": "ne",
"trust": 0.3,
"vendor": "dell",
"version": "3.21.24.22"
},
{
"model": "idrac9",
"scope": "ne",
"trust": 0.3,
"vendor": "dell",
"version": "3.20.21.20"
},
{
"model": "idrac8",
"scope": "ne",
"trust": 0.3,
"vendor": "dell",
"version": "2.61.60.60"
},
{
"model": "idrac7",
"scope": "ne",
"trust": 0.3,
"vendor": "dell",
"version": "2.61.60.60"
}
],
"sources": [
{
"db": "BID",
"id": "106233"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014040"
},
{
"db": "NVD",
"id": "CVE-2018-15774"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dell:idrac8_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.61.60.60",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dell:idrac9_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.21.24.22",
"versionStartIncluding": "3.21.21.21",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dell:idrac7_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.61.60.60",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dell:idrac9_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.20.21.20",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-15774"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jon Sands and Adam Nielsen",
"sources": [
{
"db": "BID",
"id": "106233"
}
],
"trust": 0.3
},
"cve": "CVE-2018-15774",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-15774",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-126067",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-126069",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security_alert@emc.com",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.2,
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-15774",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-15774",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2018-15774",
"trust": 1.0,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201812-674",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-126067",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-126069",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-15774",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126067"
},
{
"db": "VULHUB",
"id": "VHN-126069"
},
{
"db": "VULMON",
"id": "CVE-2018-15774"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014040"
},
{
"db": "NVD",
"id": "CVE-2018-15774"
},
{
"db": "NVD",
"id": "CVE-2018-15774"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-674"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the Redfish interface to gain administrator access. Dell EMC iDRAC7 , iDRAC8 , iDRAC9 Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Dell EMC iDRAC is prone to the following security vulnerabilities:\n1. A privilege-escalation vulnerability\n2. Dell EMC iDRAC7, iDRAC8 and iDRAC9 are all system management solutions of Dell (Dell) including hardware and software. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-15774"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014040"
},
{
"db": "BID",
"id": "106233"
},
{
"db": "VULHUB",
"id": "VHN-126067"
},
{
"db": "VULHUB",
"id": "VHN-126069"
},
{
"db": "VULMON",
"id": "CVE-2018-15774"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-15774",
"trust": 3.0
},
{
"db": "BID",
"id": "106233",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014040",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201812-674",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-15727",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-126067",
"trust": 0.1
},
{
"db": "CNNVD",
"id": "CNNVD-201812-673",
"trust": 0.1
},
{
"db": "CNVD",
"id": "CNVD-2020-15728",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-126069",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-15774",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126067"
},
{
"db": "VULHUB",
"id": "VHN-126069"
},
{
"db": "VULMON",
"id": "CVE-2018-15774"
},
{
"db": "BID",
"id": "106233"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014040"
},
{
"db": "NVD",
"id": "CVE-2018-15774"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-674"
}
]
},
"id": "VAR-201812-0038",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-126067"
},
{
"db": "VULHUB",
"id": "VHN-126069"
}
],
"trust": 0.02
},
"last_update_date": "2023-12-18T13:23:54.777000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dell EMC iDRAC \u306e\u8907\u6570\u306e\u8106\u5f31\u6027 (cve-2018-15774 \u304a\u3088\u3073 cve-2018-15776)",
"trust": 0.8,
"url": "https://www.dell.com/support/article/jp/ja/jpdhs1/sln315190/dell-emc-idrac-\u306e\u8907\u6570\u306e\u8106\u5f31\u6027-cve-2018-15774-\u304a\u3088\u3073-cve-2018-15776?lang=ja"
},
{
"title": "Dell EMC iDRAC Multiple Vulnerabilities (CVE-2018-15774 and CVE-2018-15776)",
"trust": 0.8,
"url": "https://www.dell.com/support/article/jp/ja/jpdhs1/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776?lang=en"
},
{
"title": "Dell EMC iDRAC7 , iDRAC8 and iDRAC9 Fixes for permission permissions and access control vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=87909"
},
{
"title": "reverse-engineering-dell-idrac-to-get-rid-of-gpu-throttling",
"trust": 0.1,
"url": "https://github.com/l4rz/reverse-engineering-dell-idrac-to-get-rid-of-gpu-throttling "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/chnzzh/idrac-cve-lib "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-15774"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014040"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-674"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-863",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.9
},
{
"problemtype": "CWE-388",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126067"
},
{
"db": "VULHUB",
"id": "VHN-126069"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014040"
},
{
"db": "NVD",
"id": "CVE-2018-15774"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://www.securityfocus.com/bid/106233"
},
{
"trust": 2.2,
"url": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15774"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-15774"
},
{
"trust": 0.3,
"url": "https://www.dellemc.com/en-us/index.htm"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/863.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/l4rz/reverse-engineering-dell-idrac-to-get-rid-of-gpu-throttling"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126067"
},
{
"db": "VULHUB",
"id": "VHN-126069"
},
{
"db": "VULMON",
"id": "CVE-2018-15774"
},
{
"db": "BID",
"id": "106233"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014040"
},
{
"db": "NVD",
"id": "CVE-2018-15774"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-674"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-126067"
},
{
"db": "VULHUB",
"id": "VHN-126069"
},
{
"db": "VULMON",
"id": "CVE-2018-15774"
},
{
"db": "BID",
"id": "106233"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014040"
},
{
"db": "NVD",
"id": "CVE-2018-15774"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-674"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-12-13T00:00:00",
"db": "VULHUB",
"id": "VHN-126067"
},
{
"date": "2018-12-13T00:00:00",
"db": "VULHUB",
"id": "VHN-126069"
},
{
"date": "2018-12-13T00:00:00",
"db": "VULMON",
"id": "CVE-2018-15774"
},
{
"date": "2018-12-13T00:00:00",
"db": "BID",
"id": "106233"
},
{
"date": "2019-03-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014040"
},
{
"date": "2018-12-13T22:29:00.327000",
"db": "NVD",
"id": "CVE-2018-15774"
},
{
"date": "2018-12-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-674"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-126067"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-126069"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2018-15774"
},
{
"date": "2018-12-13T00:00:00",
"db": "BID",
"id": "106233"
},
{
"date": "2019-03-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014040"
},
{
"date": "2019-10-09T23:35:52.893000",
"db": "NVD",
"id": "CVE-2018-15774"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-674"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-674"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Dell iDRAC Vulnerabilities related to authorization, authority, and access control in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014040"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-674"
}
],
"trust": 0.6
}
}
VAR-201812-0039
Vulnerability from variot - Updated: 2023-12-18 13:23
Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to get access to the u-boot shell. Dell EMC iDRAC is prone to the following security vulnerabilities: 1. A privilege-escalation vulnerability 2. A local unauthorized-access vulnerability. An attacker can exploit this issue to run processes with elevated privileges, gain unauthorized access and execute arbitrary commands with user privileges in the context of the affected application. The iDRAC solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201812-0039",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "idrac7",
"scope": "lt",
"trust": 1.8,
"vendor": "dell",
"version": "2.61.60.60"
},
{
"model": "idrac8",
"scope": "lt",
"trust": 1.8,
"vendor": "dell",
"version": "2.61.60.60"
},
{
"model": "idrac9",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "3.20.20.20"
},
{
"model": "idrac9",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "3.19.19.19"
},
{
"model": "idrac9",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "3.18.18.18"
},
{
"model": "idrac9",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "3.17.20.17"
},
{
"model": "idrac9",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "3.17.18.17"
},
{
"model": "idrac9",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "3.17.17.17"
},
{
"model": "idrac9",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "3.16.16.16"
},
{
"model": "idrac9",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "3.15.19.15"
},
{
"model": "idrac9",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "3.15.17.15"
},
{
"model": "idrac9",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "3.15.15.15"
},
{
"model": "idrac9",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "3.11.11.11"
},
{
"model": "idrac9",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "3.00.00.00"
},
{
"model": "idrac8",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "0"
},
{
"model": "idrac7",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "0"
},
{
"model": "idrac6",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "0"
},
{
"model": "idrac9",
"scope": "ne",
"trust": 0.3,
"vendor": "dell",
"version": "3.23.23.23"
},
{
"model": "idrac9",
"scope": "ne",
"trust": 0.3,
"vendor": "dell",
"version": "3.21.26.22"
},
{
"model": "idrac9",
"scope": "ne",
"trust": 0.3,
"vendor": "dell",
"version": "3.21.24.22"
},
{
"model": "idrac9",
"scope": "ne",
"trust": 0.3,
"vendor": "dell",
"version": "3.20.21.20"
},
{
"model": "idrac8",
"scope": "ne",
"trust": 0.3,
"vendor": "dell",
"version": "2.61.60.60"
},
{
"model": "idrac7",
"scope": "ne",
"trust": 0.3,
"vendor": "dell",
"version": "2.61.60.60"
}
],
"sources": [
{
"db": "BID",
"id": "106233"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014039"
},
{
"db": "NVD",
"id": "CVE-2018-15776"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dell:idrac7_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.61.60.60",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dell:idrac8_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.61.60.60",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-15776"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jon Sands and Adam Nielsen",
"sources": [
{
"db": "BID",
"id": "106233"
}
],
"trust": 0.3
},
"cve": "CVE-2018-15776",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-15776",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-126069",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"author": "security_alert@emc.com",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-15776",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-15776",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2018-15776",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201812-673",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-126069",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-15776",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126069"
},
{
"db": "VULMON",
"id": "CVE-2018-15776"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014039"
},
{
"db": "NVD",
"id": "CVE-2018-15776"
},
{
"db": "NVD",
"id": "CVE-2018-15776"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-673"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to get access to the u-boot shell. Dell EMC iDRAC is prone to the following security vulnerabilities:\n1. A privilege-escalation vulnerability\n2. A local unauthorized-access vulnerability\nAn attacker can exploit this issue to run processes with elevated privileges, gain unauthorized access and execute arbitrary commands with user privileges in context of the affected application. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-15776"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014039"
},
{
"db": "BID",
"id": "106233"
},
{
"db": "VULHUB",
"id": "VHN-126069"
},
{
"db": "VULMON",
"id": "CVE-2018-15776"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "106233",
"trust": 2.9
},
{
"db": "NVD",
"id": "CVE-2018-15776",
"trust": 2.9
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014039",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201812-673",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2020-15728",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-126069",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-15776",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126069"
},
{
"db": "VULMON",
"id": "CVE-2018-15776"
},
{
"db": "BID",
"id": "106233"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014039"
},
{
"db": "NVD",
"id": "CVE-2018-15776"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-673"
}
]
},
"id": "VAR-201812-0039",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-126069"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:23:51.518000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dell EMC iDRAC \u306e\u8907\u6570\u306e\u8106\u5f31\u6027 (cve-2018-15774 \u304a\u3088\u3073 cve-2018-15776)",
"trust": 0.8,
"url": "https://www.dell.com/support/article/jp/ja/jpdhs1/sln315190/dell-emc-idrac-\u306e\u8907\u6570\u306e\u8106\u5f31\u6027-cve-2018-15774-\u304a\u3088\u3073-cve-2018-15776?lang=ja"
},
{
"title": "Dell EMC iDRAC7 and iDRAC8 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=87908"
},
{
"title": "reverse-engineering-dell-idrac-to-get-rid-of-gpu-throttling",
"trust": 0.1,
"url": "https://github.com/l4rz/reverse-engineering-dell-idrac-to-get-rid-of-gpu-throttling "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/chnzzh/idrac-cve-lib "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-15776"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014039"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-673"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-388",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126069"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014039"
},
{
"db": "NVD",
"id": "CVE-2018-15776"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "http://www.securityfocus.com/bid/106233"
},
{
"trust": 2.1,
"url": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15776"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-15776"
},
{
"trust": 0.3,
"url": "https://www.dellemc.com/en-us/index.htm"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/l4rz/reverse-engineering-dell-idrac-to-get-rid-of-gpu-throttling"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-126069"
},
{
"db": "VULMON",
"id": "CVE-2018-15776"
},
{
"db": "BID",
"id": "106233"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014039"
},
{
"db": "NVD",
"id": "CVE-2018-15776"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-673"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-126069"
},
{
"db": "VULMON",
"id": "CVE-2018-15776"
},
{
"db": "BID",
"id": "106233"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014039"
},
{
"db": "NVD",
"id": "CVE-2018-15776"
},
{
"db": "CNNVD",
"id": "CNNVD-201812-673"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-12-13T00:00:00",
"db": "VULHUB",
"id": "VHN-126069"
},
{
"date": "2018-12-13T00:00:00",
"db": "VULMON",
"id": "CVE-2018-15776"
},
{
"date": "2018-12-13T00:00:00",
"db": "BID",
"id": "106233"
},
{
"date": "2019-03-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014039"
},
{
"date": "2018-12-13T22:29:00.377000",
"db": "NVD",
"id": "CVE-2018-15776"
},
{
"date": "2018-12-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-673"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-126069"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2018-15776"
},
{
"date": "2018-12-13T00:00:00",
"db": "BID",
"id": "106233"
},
{
"date": "2019-03-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014039"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2018-15776"
},
{
"date": "2020-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201812-673"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-673"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell EMC iDRAC7 and iDRAC8 Error handling vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014039"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201812-673"
}
],
"trust": 0.6
}
}
VAR-201704-0165
Vulnerability from variot - Updated: 2023-12-18 13:19
Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long SSH username or input. Dell Integrated Remote Access Controller is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. iDRAC7 and iDRAC8 versions prior to 2.21.21.21 are vulnerable. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems. A buffer overflow vulnerability exists in Dell iDRAC 6 prior to 2.80 and in iDRAC 7 and 8 prior to 2.21.21.21. An attacker could exploit this vulnerability to cause a denial of service.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0165",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integrated remote access controller",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "1.99"
},
{
"model": "integrated remote access controller",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "2.20.20.20"
},
{
"model": "idrac6",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "2.80"
},
{
"model": "idrac7",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "2.21.21.21"
},
{
"model": "idrac8",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "2.21.21.21"
},
{
"model": "integrated remote access controller",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "2.20.20.20"
},
{
"model": "integrated remote access controller",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "1.99"
},
{
"model": "idrac8",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "0"
},
{
"model": "idrac7",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "0"
},
{
"model": "idrac8",
"scope": "ne",
"trust": 0.3,
"vendor": "dell",
"version": "2.21.21.21"
},
{
"model": "idrac7",
"scope": "ne",
"trust": 0.3,
"vendor": "dell",
"version": "2.21.21.21"
}
],
"sources": [
{
"db": "BID",
"id": "97532"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007496"
},
{
"db": "NVD",
"id": "CVE-2015-7272"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-535"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dell:integrated_remote_access_controller_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.20.20.20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dell:integrated_remote_access_controller_8:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:dell:integrated_remote_access_controller_7:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dell:integrated_remote_access_controller_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.99",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dell:integrated_remote_access_controller_6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7272"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "97532"
}
],
"trust": 0.3
},
"cve": "CVE-2015-7272",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-7272",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-85233",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2015-7272",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-7272",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-535",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-85233",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-7272",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85233"
},
{
"db": "VULMON",
"id": "CVE-2015-7272"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007496"
},
{
"db": "NVD",
"id": "CVE-2015-7272"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-535"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long SSH username or input. Dell integrated Remote Access Controller is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary-checks on user supplied data. \nSuccessfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will result in a denial-of-service condition. \niDRAC7and iDRAC8 versions prior to 2.21.21.21 are vulnerable. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems. A buffer overflow vulnerability exists in Dell iDRAC 6 prior to 2.80, 7 and 8 prior to 2.21.21.21. An attacker could exploit this vulnerability to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7272"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007496"
},
{
"db": "BID",
"id": "97532"
},
{
"db": "VULHUB",
"id": "VHN-85233"
},
{
"db": "VULMON",
"id": "CVE-2015-7272"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7272",
"trust": 2.9
},
{
"db": "BID",
"id": "97532",
"trust": 1.5
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007496",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-535",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-85233",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-7272",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85233"
},
{
"db": "VULMON",
"id": "CVE-2015-7272"
},
{
"db": "BID",
"id": "97532"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007496"
},
{
"db": "NVD",
"id": "CVE-2015-7272"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-535"
}
]
},
"id": "VAR-201704-0165",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-85233"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:19:32.396000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dell iDRAC Response to CVE (Common Vulnerabilities and Exposures) ID CVE-2015-7270, 7271, 7272, 7273, 7274, and 7275 - 2 DEC 2015",
"trust": 0.8,
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20441859"
},
{
"title": "Dell Integrated Remote Access Controller 6 , 7 and 8 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70169"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/chnzzh/idrac-cve-lib "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-7272"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007496"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-535"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85233"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007496"
},
{
"db": "NVD",
"id": "CVE-2015-7272"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20441859"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/97532"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7272"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7272"
},
{
"trust": 0.3,
"url": "http://dell.com"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/chnzzh/idrac-cve-lib"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85233"
},
{
"db": "VULMON",
"id": "CVE-2015-7272"
},
{
"db": "BID",
"id": "97532"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007496"
},
{
"db": "NVD",
"id": "CVE-2015-7272"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-535"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-85233"
},
{
"db": "VULMON",
"id": "CVE-2015-7272"
},
{
"db": "BID",
"id": "97532"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007496"
},
{
"db": "NVD",
"id": "CVE-2015-7272"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-535"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-10T00:00:00",
"db": "VULHUB",
"id": "VHN-85233"
},
{
"date": "2017-04-10T00:00:00",
"db": "VULMON",
"id": "CVE-2015-7272"
},
{
"date": "2017-04-09T00:00:00",
"db": "BID",
"id": "97532"
},
{
"date": "2017-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007496"
},
{
"date": "2017-04-10T03:59:00.810000",
"db": "NVD",
"id": "CVE-2015-7272"
},
{
"date": "2017-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-535"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-14T00:00:00",
"db": "VULHUB",
"id": "VHN-85233"
},
{
"date": "2017-04-14T00:00:00",
"db": "VULMON",
"id": "CVE-2015-7272"
},
{
"date": "2017-04-09T00:00:00",
"db": "BID",
"id": "97532"
},
{
"date": "2017-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007496"
},
{
"date": "2017-04-14T13:39:50.723000",
"db": "NVD",
"id": "CVE-2015-7272"
},
{
"date": "2017-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-535"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-535"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Dell iDRAC Service disruption in products (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007496"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-535"
}
],
"trust": 0.6
}
}
VAR-201803-1412
Vulnerability from variot - Updated: 2023-12-18 13:19
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code. Dell EMC iDRAC7 and iDRAC8 contain an injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Dell iDRAC7 and iDRAC8 devices are prone to a code-injection vulnerability. An attacker can exploit this issue to inject arbitrary code in the context of the affected device. This may facilitate a compromise of the application and the underlying system; other attacks are also possible. Dell iDRAC7 and iDRAC8 devices running firmware versions prior to 2.52.52.52 are vulnerable. Dell EMC iDRAC7 and iDRAC8 are both hardware and software system management solutions from Dell. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1412",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "emc idrac7",
"scope": "lt",
"trust": 1.8,
"vendor": "dell",
"version": "2.52.52.52"
},
{
"model": "emc idrac8",
"scope": "lt",
"trust": 1.8,
"vendor": "dell",
"version": "2.52.52.52"
},
{
"model": "idrac8",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "2.40.40.40"
},
{
"model": "idrac8",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "2.30.30.30"
},
{
"model": "idrac8",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "2.30"
},
{
"model": "idrac8",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "2.21.21.21"
},
{
"model": "idrac7",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "2.40.40.40"
},
{
"model": "idrac7",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "2.30.30.30"
},
{
"model": "idrac7",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "2.30"
},
{
"model": "idrac7",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "2.21.21.21"
},
{
"model": "idrac8",
"scope": "ne",
"trust": 0.3,
"vendor": "dell",
"version": "2.52.52.5"
},
{
"model": "idrac7",
"scope": "ne",
"trust": 0.3,
"vendor": "dell",
"version": "2.52.52.5"
}
],
"sources": [
{
"db": "BID",
"id": "103694"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003351"
},
{
"db": "NVD",
"id": "CVE-2018-1207"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:dell:emc_idrac8:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.52.52.52",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:dell:emc_idrac7:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.52.52.52",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-1207"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Immunity Team",
"sources": [
{
"db": "BID",
"id": "103694"
}
],
"trust": 0.3
},
"cve": "CVE-2018-1207",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-1207",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-121992",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-1207",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-1207",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-909",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-121992",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-1207",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121992"
},
{
"db": "VULMON",
"id": "CVE-2018-1207"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003351"
},
{
"db": "NVD",
"id": "CVE-2018-1207"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-909"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code. Dell EMC iDRAC7 and iDRAC8 Contains an injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Dell iDRAC7 and iDRAC8 devices are prone to a code-injection vulnerability. \nAn attacker can exploit this issue to inject arbitrary code in the context of the affected device. This may facilitate a compromise of the application and the underlying system; other attacks are also possible. \nDell iDRAC7 and iDRAC8 devices running firmware versions prior to 2.52.52.52 are vulnerable. Dell EMC iDRAC7 and iDRAC8 are both hardware and software system management solutions from Dell. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-1207"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003351"
},
{
"db": "BID",
"id": "103694"
},
{
"db": "VULHUB",
"id": "VHN-121992"
},
{
"db": "VULMON",
"id": "CVE-2018-1207"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-1207",
"trust": 2.9
},
{
"db": "BID",
"id": "103694",
"trust": 2.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003351",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201803-909",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-121992",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-1207",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121992"
},
{
"db": "VULMON",
"id": "CVE-2018-1207"
},
{
"db": "BID",
"id": "103694"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003351"
},
{
"db": "NVD",
"id": "CVE-2018-1207"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-909"
}
]
},
"id": "VAR-201803-1412",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-121992"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:19:10.726000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dell EMC iDRAC Response to Common Vulnerabilities and Exposures CVE-2018-1207, CVE-2018-1211, and CVE-2018-1000116 [20 March 2018]",
"trust": 0.8,
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20485410"
},
{
"title": "Dell EMC iDRAC7 and iDRAC8 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=79406"
},
{
"title": "kenzer-templates",
"trust": 0.1,
"url": "https://github.com/elsfa7-110/kenzer-templates "
},
{
"title": "kenzer-templates",
"trust": 0.1,
"url": "https://github.com/arpsyndicate/kenzer-templates "
},
{
"title": "Exp101tsArchiv30thers",
"trust": 0.1,
"url": "https://github.com/nu11secur1ty/exp101tsarchiv30thers "
},
{
"title": "awesome-cve-poc_qazbnm456",
"trust": 0.1,
"url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-1207"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003351"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-909"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-94",
"trust": 1.1
},
{
"problemtype": "CWE-74",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121992"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003351"
},
{
"db": "NVD",
"id": "CVE-2018-1207"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20485410"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/103694"
},
{
"trust": 1.8,
"url": "https://twitter.com/nicowaisman/status/977279766792466432"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1207"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-1207"
},
{
"trust": 0.3,
"url": "http://dell.com"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/94.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/elsfa7-110/kenzer-templates"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121992"
},
{
"db": "VULMON",
"id": "CVE-2018-1207"
},
{
"db": "BID",
"id": "103694"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003351"
},
{
"db": "NVD",
"id": "CVE-2018-1207"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-909"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-121992"
},
{
"db": "VULMON",
"id": "CVE-2018-1207"
},
{
"db": "BID",
"id": "103694"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-003351"
},
{
"db": "NVD",
"id": "CVE-2018-1207"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-909"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-23T00:00:00",
"db": "VULHUB",
"id": "VHN-121992"
},
{
"date": "2018-03-23T00:00:00",
"db": "VULMON",
"id": "CVE-2018-1207"
},
{
"date": "2018-03-23T00:00:00",
"db": "BID",
"id": "103694"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003351"
},
{
"date": "2018-03-23T14:29:00.277000",
"db": "NVD",
"id": "CVE-2018-1207"
},
{
"date": "2018-03-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-909"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-121992"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2018-1207"
},
{
"date": "2018-03-23T00:00:00",
"db": "BID",
"id": "103694"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-003351"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2018-1207"
},
{
"date": "2020-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-909"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-909"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell EMC iDRAC7 and iDRAC8 Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-003351"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-909"
}
],
"trust": 0.6
}
}
VAR-201911-0372
Vulnerability from variot - Updated: 2023-12-18 13:02
Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes. Dell EMC iDRAC8 and iDRAC9 contain an unauthorized authentication vulnerability. Information may be obtained. Dell EMC iDRAC9 and others are products of Dell. This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-0372",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "idrac8",
"scope": "lt",
"trust": 1.8,
"vendor": "dell",
"version": "2.70.70.70"
},
{
"model": "idrac9",
"scope": "lt",
"trust": 1.8,
"vendor": "dell",
"version": "3.36.36.36"
},
{
"model": "idrac7",
"scope": "lt",
"trust": 1.0,
"vendor": "dell",
"version": "2.65.65.65"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011827"
},
{
"db": "NVD",
"id": "CVE-2019-3764"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dell:idrac7_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.65.65.65",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dell:idrac8_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.70.70.70",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dell:idrac9_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.36.36.36",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3764"
}
]
},
"cve": "CVE-2019-3764",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-3764",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-155199",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "security_alert@emc.com",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.6,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2019-3764",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-3764",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2019-3764",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-419",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-155199",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-3764",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155199"
},
{
"db": "VULMON",
"id": "CVE-2019-3764"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011827"
},
{
"db": "NVD",
"id": "CVE-2019-3764"
},
{
"db": "NVD",
"id": "CVE-2019-3764"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-419"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes. Dell EMC iDRAC8 and iDRAC9 Contains an unauthorized authentication vulnerability.Information may be obtained. Dell EMC iDRAC9 and others are products of Dell (Dell). This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3764"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011827"
},
{
"db": "VULHUB",
"id": "VHN-155199"
},
{
"db": "VULMON",
"id": "CVE-2019-3764"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-3764",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011827",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201911-419",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-155199",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-3764",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155199"
},
{
"db": "VULMON",
"id": "CVE-2019-3764"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011827"
},
{
"db": "NVD",
"id": "CVE-2019-3764"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-419"
}
]
},
"id": "VAR-201911-0372",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-155199"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:02:02.311000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-2019-137",
"trust": 0.8,
"url": "https://www.dell.com/support/article/jp/ja/jpdhs1/sln319317/dsa-2019-137-idrac-improper-authorization-vulnerability?lang=en"
},
{
"title": "Dell EMC iDRAC7 , iDRAC8 and iDRAC9 Remediation measures for authorization problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=108199"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/chnzzh/idrac-cve-lib "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-3764"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011827"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-419"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-863",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155199"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011827"
},
{
"db": "NVD",
"id": "CVE-2019-3764"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.dell.com/support/article/sln319317/dsa-2019-137-idrac-improper-authorization-vulnerability?lang=en"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3764"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3764"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/rsa-authentication-manager-vulnerability-via-idrac-31132"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110909"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155199"
},
{
"db": "VULMON",
"id": "CVE-2019-3764"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011827"
},
{
"db": "NVD",
"id": "CVE-2019-3764"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-419"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-155199"
},
{
"db": "VULMON",
"id": "CVE-2019-3764"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011827"
},
{
"db": "NVD",
"id": "CVE-2019-3764"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-419"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-07T00:00:00",
"db": "VULHUB",
"id": "VHN-155199"
},
{
"date": "2019-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2019-3764"
},
{
"date": "2019-11-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011827"
},
{
"date": "2019-11-07T18:15:12.167000",
"db": "NVD",
"id": "CVE-2019-3764"
},
{
"date": "2019-11-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-419"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-16T00:00:00",
"db": "VULHUB",
"id": "VHN-155199"
},
{
"date": "2020-10-16T00:00:00",
"db": "VULMON",
"id": "CVE-2019-3764"
},
{
"date": "2019-11-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011827"
},
{
"date": "2020-10-16T13:28:55.067000",
"db": "NVD",
"id": "CVE-2019-3764"
},
{
"date": "2020-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-419"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-419"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell EMC iDRAC8 and iDRAC9 Vulnerable to unauthorized authentication",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011827"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-419"
}
],
"trust": 0.6
}
}
VAR-202103-0636
Vulnerability from variot - Updated: 2023-12-18 12:55
Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web-cache or trigger redirections. Dell iDRAC8 is vulnerable to injection. Information may be obtained and information may be tampered with. Dell iDRAC8 is an integrated Dell remote access controller that can help IT administrators deploy, update, monitor and maintain servers without installing any additional software. Dell iDRAC8 is a controller from Dell. It provides comprehensive, embedded management and automation capabilities for the entire PowerEdge family of servers.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-0636",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "idrac8",
"scope": "lt",
"trust": 1.6,
"vendor": "dell",
"version": "2.75.100.75"
},
{
"model": "idrac8",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": "idrac8 firmware 2.75.100.75"
},
{
"model": "idrac8",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30c7\u30eb",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-26351"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004333"
},
{
"db": "NVD",
"id": "CVE-2021-21510"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dell:idrac8_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.75.100.75",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-21510"
}
]
},
"cve": "CVE-2021-21510",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2021-21510",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2021-26351",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-379914",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security_alert@emc.com",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2021-21510",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-21510",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2021-21510",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2021-26351",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202103-547",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-379914",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-21510",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-26351"
},
{
"db": "VULHUB",
"id": "VHN-379914"
},
{
"db": "VULMON",
"id": "CVE-2021-21510"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004333"
},
{
"db": "NVD",
"id": "CVE-2021-21510"
},
{
"db": "NVD",
"id": "CVE-2021-21510"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-547"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary \u2018Host\u2019 header values to poison a web-cache or trigger redirections. Dell iDRAC8 Is vulnerable to injection.Information may be obtained and information may be tampered with. Dell iDRAC8 is an integrated Dell remote access controller that can help IT administrators deploy, update, monitor and maintain servers without installing any additional software. Dell iDRAC8 is a controller of Dell (Dell). Provides comprehensive, embedded management, and automation capabilities for the entire PowerEdge family of servers",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-21510"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004333"
},
{
"db": "CNVD",
"id": "CNVD-2021-26351"
},
{
"db": "VULHUB",
"id": "VHN-379914"
},
{
"db": "VULMON",
"id": "CVE-2021-21510"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-21510",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004333",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202103-547",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2021-26351",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-379914",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-21510",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-26351"
},
{
"db": "VULHUB",
"id": "VHN-379914"
},
{
"db": "VULMON",
"id": "CVE-2021-21510"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004333"
},
{
"db": "NVD",
"id": "CVE-2021-21510"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-547"
}
]
},
"id": "VAR-202103-0636",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-26351"
},
{
"db": "VULHUB",
"id": "VHN-379914"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-26351"
}
]
},
"last_update_date": "2023-12-18T12:55:38.390000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-2021-041",
"trust": 0.8,
"url": "https://www.dell.com/support/kbdoc/en-us/000183758/dsa-2021-041-dell-emc-idrac-8-security-update-for-a-host-header-injection-vulnerability"
},
{
"title": "Patch for Dell iDRAC8 host header injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/257166"
},
{
"title": "Dell iDRAC8 Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=144154"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/chnzzh/idrac-cve-lib "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-26351"
},
{
"db": "VULMON",
"id": "CVE-2021-21510"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004333"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-547"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-74",
"trust": 1.1
},
{
"problemtype": "injection (CWE-74) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-379914"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004333"
},
{
"db": "NVD",
"id": "CVE-2021-21510"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-21510"
},
{
"trust": 1.8,
"url": "https://www.dell.com/support/kbdoc/en-us/000183758/dsa-2021-041-dell-emc-idrac-8-security-update-for-a-host-header-injection-vulnerability"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/74.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/chnzzh/idrac-cve-lib"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-26351"
},
{
"db": "VULHUB",
"id": "VHN-379914"
},
{
"db": "VULMON",
"id": "CVE-2021-21510"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004333"
},
{
"db": "NVD",
"id": "CVE-2021-21510"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-547"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-26351"
},
{
"db": "VULHUB",
"id": "VHN-379914"
},
{
"db": "VULMON",
"id": "CVE-2021-21510"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-004333"
},
{
"db": "NVD",
"id": "CVE-2021-21510"
},
{
"db": "CNNVD",
"id": "CNNVD-202103-547"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-26351"
},
{
"date": "2021-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-379914"
},
{
"date": "2021-03-08T00:00:00",
"db": "VULMON",
"id": "CVE-2021-21510"
},
{
"date": "2021-11-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-004333"
},
{
"date": "2021-03-08T22:15:14.080000",
"db": "NVD",
"id": "CVE-2021-21510"
},
{
"date": "2021-03-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-547"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-26351"
},
{
"date": "2022-10-24T00:00:00",
"db": "VULHUB",
"id": "VHN-379914"
},
{
"date": "2022-10-24T00:00:00",
"db": "VULMON",
"id": "CVE-2021-21510"
},
{
"date": "2021-11-18T08:49:00",
"db": "JVNDB",
"id": "JVNDB-2021-004333"
},
{
"date": "2022-10-24T17:08:30.387000",
"db": "NVD",
"id": "CVE-2021-21510"
},
{
"date": "2021-03-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202103-547"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-547"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell\u00a0iDRAC8\u00a0 Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-004333"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202103-547"
}
],
"trust": 0.6
}
}
VAR-201704-0168
Vulnerability from variot - Updated: 2023-12-18 12:51
Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS. Dell iDRAC6, iDRAC7 and iDRAC8 contain a cross-site scripting vulnerability. Information may be obtained and information may be altered. Multiple Dell iDRAC products are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. The following products are vulnerable: Dell iDRAC6 versions prior to 2.85; Dell iDRAC7 versions prior to 2.30.30.30; Dell iDRAC8 versions prior to 2.30.30.30. The iDRAC solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0168",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integrated remote access controller",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "2.80"
},
{
"model": "integrated remote access controller",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "2.21.21.21"
},
{
"model": "idrac6",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "2.85"
},
{
"model": "idrac7",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "2.30.30.30"
},
{
"model": "idrac8",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "2.30.30.30"
},
{
"model": "integrated remote access controller",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "2.21.21.21"
},
{
"model": "integrated remote access controller",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "2.80"
},
{
"model": "idrac8",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "2.30"
},
{
"model": "idrac7",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "2.30"
},
{
"model": "idrac7",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "1.57.57"
},
{
"model": "idrac7",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "1.56.55"
},
{
"model": "idrac6",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "2.80"
},
{
"model": "idrac6",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "1.95"
},
{
"model": "idrac6",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "1.7"
},
{
"model": "idrac6",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "1.41"
},
{
"model": "idrac8",
"scope": "ne",
"trust": 0.3,
"vendor": "dell",
"version": "2.30.30.30"
},
{
"model": "idrac7",
"scope": "ne",
"trust": 0.3,
"vendor": "dell",
"version": "2.30.30.30"
},
{
"model": "idrac6",
"scope": "ne",
"trust": 0.3,
"vendor": "dell",
"version": "2.85"
}
],
"sources": [
{
"db": "BID",
"id": "97520"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007499"
},
{
"db": "NVD",
"id": "CVE-2015-7275"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-532"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dell:integrated_remote_access_controller_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.21.21.21",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dell:integrated_remote_access_controller_8:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:dell:integrated_remote_access_controller_7:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dell:integrated_remote_access_controller_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.80",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dell:integrated_remote_access_controller_6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7275"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Google Infrastructure Security Assurance",
"sources": [
{
"db": "BID",
"id": "97520"
}
],
"trust": 0.3
},
"cve": "CVE-2015-7275",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-7275",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-85236",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2015-7275",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-7275",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-532",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-85236",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-7275",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85236"
},
{
"db": "VULMON",
"id": "CVE-2015-7275"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007499"
},
{
"db": "NVD",
"id": "CVE-2015-7275"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-532"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS. Dell iDRAC6 , iDRAC7 and iDRAC8 Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Multiple Dell iDRAC products are prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. \nThe following products are vulnerable:\nDell iDRAC6 versions prior to 2.85\nDell iDRAC7 versions prior to 2.30.30.30\nDell iDRAC8 versions prior to 2.30.30.30. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7275"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007499"
},
{
"db": "BID",
"id": "97520"
},
{
"db": "VULHUB",
"id": "VHN-85236"
},
{
"db": "VULMON",
"id": "CVE-2015-7275"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7275",
"trust": 2.9
},
{
"db": "BID",
"id": "97520",
"trust": 1.5
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007499",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-532",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-85236",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-7275",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85236"
},
{
"db": "VULMON",
"id": "CVE-2015-7275"
},
{
"db": "BID",
"id": "97520"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007499"
},
{
"db": "NVD",
"id": "CVE-2015-7275"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-532"
}
]
},
"id": "VAR-201704-0168",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-85236"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:51:21.096000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dell iDRAC Response to CVE (Common Vulnerabilities and Exposures) ID CVE-2015-7270, 7271, 7272, 7273, 7274, and 7275 - 2 DEC 2015",
"trust": 0.8,
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20441859"
},
{
"title": "Dell Integrated Remote Access Controller 6 , 7 and 8 Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70166"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/chnzzh/idrac-cve-lib "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-7275"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007499"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-532"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85236"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007499"
},
{
"db": "NVD",
"id": "CVE-2015-7275"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20441859"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/97520"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7275"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7275"
},
{
"trust": 0.3,
"url": "http://dell.com"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/chnzzh/idrac-cve-lib"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85236"
},
{
"db": "VULMON",
"id": "CVE-2015-7275"
},
{
"db": "BID",
"id": "97520"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007499"
},
{
"db": "NVD",
"id": "CVE-2015-7275"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-532"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-85236"
},
{
"db": "VULMON",
"id": "CVE-2015-7275"
},
{
"db": "BID",
"id": "97520"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007499"
},
{
"db": "NVD",
"id": "CVE-2015-7275"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-532"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-10T00:00:00",
"db": "VULHUB",
"id": "VHN-85236"
},
{
"date": "2017-04-10T00:00:00",
"db": "VULMON",
"id": "CVE-2015-7275"
},
{
"date": "2017-04-10T00:00:00",
"db": "BID",
"id": "97520"
},
{
"date": "2017-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007499"
},
{
"date": "2017-04-10T03:59:00.890000",
"db": "NVD",
"id": "CVE-2015-7275"
},
{
"date": "2017-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-532"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-14T00:00:00",
"db": "VULHUB",
"id": "VHN-85236"
},
{
"date": "2017-04-14T00:00:00",
"db": "VULMON",
"id": "CVE-2015-7275"
},
{
"date": "2017-04-11T00:04:00",
"db": "BID",
"id": "97520"
},
{
"date": "2017-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007499"
},
{
"date": "2017-04-14T13:40:12.583000",
"db": "NVD",
"id": "CVE-2015-7275"
},
{
"date": "2017-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-532"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-532"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Dell iDRAC Product cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007499"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-532"
}
],
"trust": 0.6
}
}
VAR-201904-0130
Vulnerability from variot - Updated: 2023-12-18 12:50
Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the system with privileges of the webserver by sending specially crafted input data to the affected system. Multiple Dell EMC iDRAC products contain a buffer error vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). [The RSA Archer statements in this aggregated description concern plain-text logging of session information and passwords and appear to come from a separate advisory; they do not describe the iDRAC buffer overflow.] RSA Archer GRC Platform is prone to multiple information disclosure vulnerabilities. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Dell EMC iDRAC9 and others are products of Dell (Dell). Dell EMC iDRAC9 is a system management solution that includes hardware and software. Dell EMC iDRAC6 is a system management solution that includes hardware and software. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems. Dell EMC iDRAC7 is a system management solution that includes hardware and software. A buffer error vulnerability exists in several Dell products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. Users' session information is logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks. 
The database connection password may get logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed password to use it in further attacks.
CVSSv3 Base Score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Recommendation: For CVE-2019-3705, the following RSA Archer releases contain a resolution for this vulnerability: * RSA Archer version 6.5 P1 (6.5.0.1) * RSA Archer version 6.5 P2 (6.5.0.2) [6.5 P2 contains the items fixed in 6.5 P1] * RSA Archer version 6.4 SP1 P5 (6.4.1.5)
For CVE-2019-3706, the following RSA Archer releases contain a resolution for this vulnerability: * RSA Archer version 6.5 P2 (6.5.0.2) * RSA Archer version 6.4 SP1 P5 (6.4.1.5)
RSA recommends all customers upgrade at the earliest opportunity.
Severity Rating For an explanation of Severity Ratings, refer to the Security Advisories Severity Rating (https://community.rsa.com/docs/DOC-47147) knowledge base article. RSA recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.
Legal Information Read and use the information in this RSA Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this advisory, contact RSA Technical Support (https://community.rsa.com/docs/DOC-1294). RSA Security LLC and its affiliates, including without limitation, its ultimate parent company, Dell Technologies, distribute RSA Security Advisories in order to bring to the attention of users of the affected RSA products, important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. RSA disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall RSA, its affiliates or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA, its affiliates or its suppliers have been advised of the possibility of such damages. Some jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. Dell Product Security Incident Response Team secure@dell.com -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEP5nobPoCj3pTvhAZgSlofD2Yi6cFAlx4N6AACgkQgSlofD2Y i6dXzQ//XHQsdsvdDqGc85jOTtTRZ0VWhxe3g76dAW7u5tmKt8dyHZF4QqaXtc/p qKRdrWl6SK/ajzxhnF7PaMmLLLAYnHBzL56Vo0ZTjcXD/8rMfTh+WX8v/M06TOjG UgJTdtVGKILsBGmuViwVtvpTLsmeVhbhq34dbMscLhrgjwvrTmsCW3Zv+6w4/x5G umlHR8f+asAYs/JKJ3IvFo5i/v1wKoXsFQVXN8RtySzRVKX+Jx3fsqfCnC+cj4cz 6SnaOPQMBRTPzev4vcWGR4HxoQjE6vl3xgKYyi1bAQf6sZnZpVvzmvPi6OZDfV9q jm+32qvMbwjH2L0POwk7djnmaeZ9qRM3cYihHRJhuOaqW4UyVxhy7ZwZIXeYwOX4 lGiyqt6gtGpUjAFgI1qycGOzVu4W1pZhmIAPRk5KYFapr3BEmgWoDwrvjF7QqRq8 wt5J1Us6XWc4D+wqMIo7YZmnvO9Bz73oxBKqvZXNUJSxfQroAQhcG4DJy+TH+nC7 MWMH2EEdhL5ibCog6AMRksMmU08Cw2gIvKnotOgRIPUnirlfn22IpukqV2prBrHH zOoHOLRx865jPqPPHb4Tp+DvGDwtscwiGyI9AaeemutPbUhlibP/vMyQh8wKItCl F+iHsckY/7Mh2/FH3a0vWb57edaT4lPgvt8JwwP4OfE+a7qXpuA= =lmP4 -----END PGP SIGNATURE-----
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-0130",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "idrac6",
"scope": "lt",
"trust": 1.8,
"vendor": "dell",
"version": "2.92"
},
{
"model": "idrac7",
"scope": "lt",
"trust": 1.8,
"vendor": "dell",
"version": "2.61.60.60"
},
{
"model": "idrac8",
"scope": "lt",
"trust": 1.8,
"vendor": "dell",
"version": "2.61.60.60"
},
{
"model": "idrac9",
"scope": "lt",
"trust": 1.8,
"vendor": "dell",
"version": "3.20.21.20"
},
{
"model": "idrac9",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "3.21.24.22"
},
{
"model": "idrac9",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "3.21.26.22"
},
{
"model": "idrac9",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "3.23.23.23"
},
{
"model": "rsa archer grc platform",
"scope": "eq",
"trust": 0.3,
"vendor": "emc",
"version": "6.5"
},
{
"model": "rsa archer grc platform p2",
"scope": "ne",
"trust": 0.3,
"vendor": "emc",
"version": "6.5"
},
{
"model": "rsa archer grc platform p1",
"scope": "ne",
"trust": 0.3,
"vendor": "emc",
"version": "6.5"
},
{
"model": "rsa archer grc platform sp1 p5",
"scope": "ne",
"trust": 0.3,
"vendor": "emc",
"version": "6.4"
}
],
"sources": [
{
"db": "BID",
"id": "107209"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004144"
},
{
"db": "NVD",
"id": "CVE-2019-3705"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dell:idrac6_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.92",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dell:idrac7_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.61.60.60",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dell:idrac8_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.61.60.60",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dell:idrac9_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.20.21.20",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3705"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.,Dell Product Security Incident Response Team",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-026"
}
],
"trust": 0.6
},
"cve": "CVE-2019-3705",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2019-3705",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-155140",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "security_alert@emc.com",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-3705",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-3705",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "security_alert@emc.com",
"id": "CVE-2019-3705",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-026",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-155140",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-3705",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155140"
},
{
"db": "VULMON",
"id": "CVE-2019-3705"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004144"
},
{
"db": "NVD",
"id": "CVE-2019-3705"
},
{
"db": "NVD",
"id": "CVE-2019-3705"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-026"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the system with privileges of the webserver by sending specially crafted input data to the affected system. Multiple Dell EMC iDRAC products contain a buffer error vulnerability. Information may be obtained or altered, and the system may be put into a denial-of-service (DoS) state. RSA Archer GRC Platform is prone to multiple information disclosure vulnerabilities. \nAn attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Dell EMC iDRAC9 and others are products of Dell (Dell). Dell EMC iDRAC9 is a system management solution that includes hardware and software. Dell EMC iDRAC6 is a system management solution that includes hardware and software. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems. Dell EMC iDRAC7 is a system management solution that includes hardware and software. A buffer error vulnerability exists in several Dell products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. Users\u0027 session information is logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks. The database connection password may get logged in plain text in the RSA Archer log files. 
An authenticated malicious local user with access to the log files may obtain the exposed password to use it in further attacks. \n\nCVSSv3 Base Score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\nRecommendation:\nFor CVE-2019-3705, the following RSA Archer releases contain a resolution for this vulnerability:\n* RSA Archer version 6.5 P1 (6.5.0.1)\n* RSA Archer version 6.5 P2 (6.5.0.2) [6.5 P2 contains the items fixed in 6.5 P1]\n* RSA Archer version 6.4 SP1 P5 (6.4.1.5)\n\nFor CVE-2019-3706, the following RSA Archer releases contain a resolution for this vulnerability:\n* RSA Archer version 6.5 P2 (6.5.0.2)\n* RSA Archer version 6.4 SP1 P5 (6.4.1.5)\n\n\nRSA recommends all customers upgrade at the earliest opportunity. \n\nSeverity Rating\nFor an explanation of Severity Ratings, refer to the Security Advisories Severity Rating (https://community.rsa.com/docs/DOC-47147) knowledge base article. RSA recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. \n\nLegal Information\nRead and use the information in this RSA Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this advisory, contact RSA Technical Support (https://community.rsa.com/docs/DOC-1294). RSA Security LLC and its affiliates, including without limitation, its ultimate parent company, Dell Technologies, distribute RSA Security Advisories in order to bring to the attention of users of the affected RSA products, important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided \"as is\" without warranty of any kind. 
RSA disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall RSA, its affiliates or its suppliers, be liable for any damages wha\n tsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA, its affiliates or its suppliers have been advised of the possibility of such damages. Some jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. \nDell Product Security Incident Response Team\nsecure@dell.com\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEP5nobPoCj3pTvhAZgSlofD2Yi6cFAlx4N6AACgkQgSlofD2Y\ni6dXzQ//XHQsdsvdDqGc85jOTtTRZ0VWhxe3g76dAW7u5tmKt8dyHZF4QqaXtc/p\nqKRdrWl6SK/ajzxhnF7PaMmLLLAYnHBzL56Vo0ZTjcXD/8rMfTh+WX8v/M06TOjG\nUgJTdtVGKILsBGmuViwVtvpTLsmeVhbhq34dbMscLhrgjwvrTmsCW3Zv+6w4/x5G\numlHR8f+asAYs/JKJ3IvFo5i/v1wKoXsFQVXN8RtySzRVKX+Jx3fsqfCnC+cj4cz\n6SnaOPQMBRTPzev4vcWGR4HxoQjE6vl3xgKYyi1bAQf6sZnZpVvzmvPi6OZDfV9q\njm+32qvMbwjH2L0POwk7djnmaeZ9qRM3cYihHRJhuOaqW4UyVxhy7ZwZIXeYwOX4\nlGiyqt6gtGpUjAFgI1qycGOzVu4W1pZhmIAPRk5KYFapr3BEmgWoDwrvjF7QqRq8\nwt5J1Us6XWc4D+wqMIo7YZmnvO9Bz73oxBKqvZXNUJSxfQroAQhcG4DJy+TH+nC7\nMWMH2EEdhL5ibCog6AMRksMmU08Cw2gIvKnotOgRIPUnirlfn22IpukqV2prBrHH\nzOoHOLRx865jPqPPHb4Tp+DvGDwtscwiGyI9AaeemutPbUhlibP/vMyQh8wKItCl\nF+iHsckY/7Mh2/FH3a0vWb57edaT4lPgvt8JwwP4OfE+a7qXpuA=\n=lmP4\n-----END PGP SIGNATURE-----\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3705"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004144"
},
{
"db": "BID",
"id": "107209"
},
{
"db": "VULHUB",
"id": "VHN-155140"
},
{
"db": "VULMON",
"id": "CVE-2019-3705"
},
{
"db": "PACKETSTORM",
"id": "151935"
}
],
"trust": 2.16
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-155140",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155140"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-3705",
"trust": 3.0
},
{
"db": "BID",
"id": "107209",
"trust": 1.0
},
{
"db": "PACKETSTORM",
"id": "151935",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004144",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201903-026",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-155140",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-3705",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155140"
},
{
"db": "VULMON",
"id": "CVE-2019-3705"
},
{
"db": "BID",
"id": "107209"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004144"
},
{
"db": "PACKETSTORM",
"id": "151935"
},
{
"db": "NVD",
"id": "CVE-2019-3705"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-026"
}
]
},
"id": "VAR-201904-0130",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-155140"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:50:23.747000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-2019-028",
"trust": 0.8,
"url": "https://www.dell.com/support/article/jp/ja/jpdhs1/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en"
},
{
"title": "Dell EMC RSA Archer Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=89720"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004144"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-026"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155140"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004144"
},
{
"db": "NVD",
"id": "CVE-2019-3705"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3705"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3705"
},
{
"trust": 0.7,
"url": "http://www.securityfocus.com/bid/107209"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/151935/rsa-archer-grc-platform-information-exposure.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/dell-emc-idrac6-buffer-overflow-29660"
},
{
"trust": 0.3,
"url": "http://www.rsa.com/"
},
{
"trust": 0.3,
"url": "https://seclists.org/fulldisclosure/2019/mar/4"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3706"
},
{
"trust": 0.1,
"url": "https://community.rsa.com/docs/doc-1294)."
},
{
"trust": 0.1,
"url": "https://community.rsa.com/docs/doc-47147)"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-155140"
},
{
"db": "VULMON",
"id": "CVE-2019-3705"
},
{
"db": "BID",
"id": "107209"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004144"
},
{
"db": "PACKETSTORM",
"id": "151935"
},
{
"db": "NVD",
"id": "CVE-2019-3705"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-026"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-155140"
},
{
"db": "VULMON",
"id": "CVE-2019-3705"
},
{
"db": "BID",
"id": "107209"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004144"
},
{
"db": "PACKETSTORM",
"id": "151935"
},
{
"db": "NVD",
"id": "CVE-2019-3705"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-026"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-26T00:00:00",
"db": "VULHUB",
"id": "VHN-155140"
},
{
"date": "2019-04-26T00:00:00",
"db": "VULMON",
"id": "CVE-2019-3705"
},
{
"date": "2019-02-28T00:00:00",
"db": "BID",
"id": "107209"
},
{
"date": "2019-05-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004144"
},
{
"date": "2019-03-03T16:00:16",
"db": "PACKETSTORM",
"id": "151935"
},
{
"date": "2019-04-26T19:29:00.527000",
"db": "NVD",
"id": "CVE-2019-3705"
},
{
"date": "2019-03-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-026"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-16T00:00:00",
"db": "VULHUB",
"id": "VHN-155140"
},
{
"date": "2020-10-16T00:00:00",
"db": "VULMON",
"id": "CVE-2019-3705"
},
{
"date": "2019-02-28T00:00:00",
"db": "BID",
"id": "107209"
},
{
"date": "2019-05-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004144"
},
{
"date": "2020-10-16T18:04:10.047000",
"db": "NVD",
"id": "CVE-2019-3705"
},
{
"date": "2020-10-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-026"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-026"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error vulnerability in multiple Dell EMC iDRAC products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004144"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-026"
}
],
"trust": 0.6
}
}
VAR-201704-0163
Vulnerability from variot - Updated: 2023-12-18 12:29
Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal. Dell iDRAC6, iDRAC7 and iDRAC8 contain a path traversal vulnerability. Information may be obtained or altered, and a denial-of-service (DoS) attack may be carried out. Dell iDRAC is prone to a local directory-traversal vulnerability. Exploiting this issue will allow an attacker to gain sensitive information and perform unauthorized actions. The following products are vulnerable: versions prior to Dell iDRAC6 2.80, versions prior to Dell iDRAC7 2.21.21.21, and versions prior to Dell iDRAC8 2.21.21.21.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0163",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "integrated remote access controller",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "1.99"
},
{
"model": "integrated remote access controller",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "2.20.20.20"
},
{
"model": "idrac6",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "2.80"
},
{
"model": "idrac7",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "2.21.21.21"
},
{
"model": "idrac8",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "2.21.21.21"
},
{
"model": "integrated remote access controller",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "2.20.20.20"
},
{
"model": "integrated remote access controller",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "1.99"
},
{
"model": "idrac8",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "0"
},
{
"model": "idrac7",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "1.57.57"
},
{
"model": "idrac7",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "1.56.55"
},
{
"model": "idrac6",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "1.95"
},
{
"model": "idrac6",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "1.7"
},
{
"model": "idrac6",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "1.41"
},
{
"model": "idrac8",
"scope": "ne",
"trust": 0.3,
"vendor": "dell",
"version": "2.21.21.21"
},
{
"model": "idrac7",
"scope": "ne",
"trust": 0.3,
"vendor": "dell",
"version": "2.21.21.21"
},
{
"model": "idrac6",
"scope": "ne",
"trust": 0.3,
"vendor": "dell",
"version": "2.80"
}
],
"sources": [
{
"db": "BID",
"id": "97521"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007494"
},
{
"db": "NVD",
"id": "CVE-2015-7270"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-467"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dell:integrated_remote_access_controller_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.20.20.20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dell:integrated_remote_access_controller_7:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:dell:integrated_remote_access_controller_8:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dell:integrated_remote_access_controller_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.99",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dell:integrated_remote_access_controller_6:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7270"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Google Infrastructure Security Assurance",
"sources": [
{
"db": "BID",
"id": "97521"
}
],
"trust": 0.3
},
"cve": "CVE-2015-7270",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-7270",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-85231",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2015-7270",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-7270",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-467",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-85231",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-7270",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85231"
},
{
"db": "VULMON",
"id": "CVE-2015-7270"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007494"
},
{
"db": "NVD",
"id": "CVE-2015-7270"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-467"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal. Dell iDRAC6, iDRAC7 and iDRAC8 contain a path traversal vulnerability. Information may be obtained or altered, and a denial-of-service (DoS) attack may be carried out. Dell iDRAC is prone to a local directory-traversal vulnerability. \nExploiting this issue will allow an attacker to gain sensitive information and perform unauthorized actions. \nThe following products are vulnerable:\nVersions prior to Dell iDRAC6 2.80\nVersions prior to Dell iDRAC7 2.21.21.21\nVersions prior to Dell iDRAC8 2.21.21.21",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7270"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007494"
},
{
"db": "BID",
"id": "97521"
},
{
"db": "VULHUB",
"id": "VHN-85231"
},
{
"db": "VULMON",
"id": "CVE-2015-7270"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7270",
"trust": 2.9
},
{
"db": "BID",
"id": "97521",
"trust": 1.5
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007494",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-467",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-85231",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-7270",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85231"
},
{
"db": "VULMON",
"id": "CVE-2015-7270"
},
{
"db": "BID",
"id": "97521"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007494"
},
{
"db": "NVD",
"id": "CVE-2015-7270"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-467"
}
]
},
"id": "VAR-201704-0163",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-85231"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:29:44.002000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dell iDRAC Response to CVE (Common Vulnerabilities and Exposures) ID CVE-2015-7270, 7271, 7272, 7273, 7274, and 7275 - 2 DEC 2015",
"trust": 0.8,
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20441859"
},
{
"title": "Dell Integrated Remote Access Controller 6 , 7 and 8 Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=73818"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/chnzzh/idrac-cve-lib "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-7270"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007494"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-467"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85231"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007494"
},
{
"db": "NVD",
"id": "CVE-2015-7270"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20441859"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/97521"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7270"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7270"
},
{
"trust": 0.3,
"url": "http://dell.com"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/chnzzh/idrac-cve-lib"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85231"
},
{
"db": "VULMON",
"id": "CVE-2015-7270"
},
{
"db": "BID",
"id": "97521"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007494"
},
{
"db": "NVD",
"id": "CVE-2015-7270"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-467"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-85231"
},
{
"db": "VULMON",
"id": "CVE-2015-7270"
},
{
"db": "BID",
"id": "97521"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-007494"
},
{
"db": "NVD",
"id": "CVE-2015-7270"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-467"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-10T00:00:00",
"db": "VULHUB",
"id": "VHN-85231"
},
{
"date": "2017-04-10T00:00:00",
"db": "VULMON",
"id": "CVE-2015-7270"
},
{
"date": "2017-04-09T00:00:00",
"db": "BID",
"id": "97521"
},
{
"date": "2017-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007494"
},
{
"date": "2017-04-10T03:59:00.747000",
"db": "NVD",
"id": "CVE-2015-7270"
},
{
"date": "2017-04-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-467"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-14T00:00:00",
"db": "VULHUB",
"id": "VHN-85231"
},
{
"date": "2017-04-14T00:00:00",
"db": "VULMON",
"id": "CVE-2015-7270"
},
{
"date": "2017-04-11T00:04:00",
"db": "BID",
"id": "97521"
},
{
"date": "2017-05-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-007494"
},
{
"date": "2017-04-14T13:41:33.553000",
"db": "NVD",
"id": "CVE-2015-7270"
},
{
"date": "2017-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-467"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "97521"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-467"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal vulnerability in multiple Dell iDRAC products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-007494"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-467"
}
],
"trust": 0.6
}
}
VAR-201611-0079
Vulnerability from variot - Updated: 2023-12-18 12:05
Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection. Supplementary information: the vulnerability type has been identified as CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (injection). Dell iDRAC7 and iDRAC8 devices are prone to a code-injection vulnerability. An attacker can exploit this issue to inject arbitrary code in the context of the affected device. This may facilitate a compromise of the application and the underlying system; other attacks are also possible. Dell iDRAC7 and iDRAC8 devices running firmware versions prior to 2.40.40.4 are vulnerable. Dell Integrated Remote Access Controller (iDRAC) 7 and 8 are remote access control cards from Dell. Attackers can exploit this vulnerability to gain Bash shell privileges.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201611-0079",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "idrac8",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "2.30.30.30"
},
{
"model": "idrac7",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "2.30.30.30"
},
{
"model": "idrac7",
"scope": null,
"trust": 0.8,
"vendor": "dell",
"version": null
},
{
"model": "idrac7",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "2.40.40.40"
},
{
"model": "idrac8",
"scope": null,
"trust": 0.8,
"vendor": "dell",
"version": null
},
{
"model": "idrac8",
"scope": "lt",
"trust": 0.8,
"vendor": "dell",
"version": "2.40.40.40"
},
{
"model": "idrac7",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "2.30.30.30"
},
{
"model": "idrac8",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "2.30.30.30"
},
{
"model": "idrac8",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "0"
},
{
"model": "idrac7",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "0"
},
{
"model": "idrac8",
"scope": "ne",
"trust": 0.3,
"vendor": "dell",
"version": "2.40.40.40"
},
{
"model": "idrac7",
"scope": "ne",
"trust": 0.3,
"vendor": "dell",
"version": "2.40.40.40"
}
],
"sources": [
{
"db": "BID",
"id": "94585"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006039"
},
{
"db": "NVD",
"id": "CVE-2016-5685"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-647"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dell:idrac7_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.30.30.30",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dell:idrac8_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.30.30.30",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dell:idrac8:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:dell:idrac7:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5685"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "94585"
}
],
"trust": 0.3
},
"cve": "CVE-2016-5685",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-5685",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-94504",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-5685",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-5685",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-647",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-94504",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-5685",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94504"
},
{
"db": "VULMON",
"id": "CVE-2016-5685"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006039"
},
{
"db": "NVD",
"id": "CVE-2016-5685"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-647"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection. Supplementary information: the vulnerability type has been identified as CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (injection). Dell iDRAC7 and iDRAC8 devices are prone to a code-injection vulnerability. \nAn attacker can exploit this issue to inject arbitrary code in the context of the affected device. This may facilitate a compromise of the application and the underlying system; other attacks are also possible. \nDell iDRAC7 and iDRAC8 devices running firmware versions prior to 2.40.40.4 are vulnerable. Dell Integrated Remote Access Controller (iDRAC) 7 and 8 are remote access control cards from Dell. Attackers can exploit this vulnerability to gain Bash shell privileges.",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5685"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006039"
},
{
"db": "BID",
"id": "94585"
},
{
"db": "VULHUB",
"id": "VHN-94504"
},
{
"db": "VULMON",
"id": "CVE-2016-5685"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5685",
"trust": 2.9
},
{
"db": "BID",
"id": "94585",
"trust": 1.5
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006039",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201611-647",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-94504",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-5685",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94504"
},
{
"db": "VULMON",
"id": "CVE-2016-5685"
},
{
"db": "BID",
"id": "94585"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006039"
},
{
"db": "NVD",
"id": "CVE-2016-5685"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-647"
}
]
},
"id": "VAR-201611-0079",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-94504"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:05:19.387000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Dell iDRAC team\u0027s response to Common Vulnerabilities and Exposures (CVE) ID CVE-2016-5685 [16 November 2016]",
"trust": 0.8,
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20443326"
},
{
"title": "Dell iDRAC7 and iDRAC8 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65911"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/chnzzh/idrac-cve-lib "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2016-5685"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006039"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-647"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-74",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94504"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006039"
},
{
"db": "NVD",
"id": "CVE-2016-5685"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20443326"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/94585"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5685"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-5685"
},
{
"trust": 0.3,
"url": "http://dell.com"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/74.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/chnzzh/idrac-cve-lib"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94504"
},
{
"db": "VULMON",
"id": "CVE-2016-5685"
},
{
"db": "BID",
"id": "94585"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006039"
},
{
"db": "NVD",
"id": "CVE-2016-5685"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-647"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-94504"
},
{
"db": "VULMON",
"id": "CVE-2016-5685"
},
{
"db": "BID",
"id": "94585"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-006039"
},
{
"db": "NVD",
"id": "CVE-2016-5685"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-647"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-29T00:00:00",
"db": "VULHUB",
"id": "VHN-94504"
},
{
"date": "2016-11-29T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5685"
},
{
"date": "2016-11-29T00:00:00",
"db": "BID",
"id": "94585"
},
{
"date": "2016-12-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006039"
},
{
"date": "2016-11-29T15:59:00.200000",
"db": "NVD",
"id": "CVE-2016-5685"
},
{
"date": "2016-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-647"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-01T00:00:00",
"db": "VULHUB",
"id": "VHN-94504"
},
{
"date": "2016-12-01T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5685"
},
{
"date": "2016-12-20T02:03:00",
"db": "BID",
"id": "94585"
},
{
"date": "2016-12-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-006039"
},
{
"date": "2016-12-01T19:54:29.360000",
"db": "NVD",
"id": "CVE-2016-5685"
},
{
"date": "2016-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-647"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-647"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability in Dell iDRAC7 and iDRAC8 device firmware that allows Bash shell access",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-006039"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-647"
}
],
"trust": 0.6
}
}