Search criteria
9 vulnerabilities found for idrac6_monolithic by dell
FKIE_CVE-2018-1212
Vulnerability from fkie_nvd - Published: 2018-07-02 17:29 - Updated: 2024-11-21 03:59
Severity ?
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute arbitrary commands as root on the affected iDRAC system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | idrac6_modular | * | |
| dell | idrac6_monolithic | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:idrac6_modular:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5A187ADC-E596-4B72-B8D6-D502702B5FC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:idrac6_monolithic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E064ABF-3293-47EB-8D9F-860EBC88E64B",
"versionEndExcluding": "2.91",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute arbitrary commands as root on the affected iDRAC system."
},
{
"lang": "es",
"value": "La consola web de diagn\u00f3stico en Dell EMC iDRAC6 (versiones Monolithic anteriores a la 2.91 y Modular en todas las versiones) contiene una vulnerabilidad de inyecci\u00f3n de comandos. Un usuario iDRAC autenticado, remoto y malicioso con acceso a la consola de diagn\u00f3stico podr\u00eda explotar esta vulnerabilidad para ejecutar comandos arbitrarios como root en el sistema iDRAC afectado."
}
],
"id": "CVE-2018-1212",
"lastModified": "2024-11-21T03:59:24.007",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "security_alert@emc.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-02T17:29:00.257",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-8272
Vulnerability from fkie_nvd - Published: 2014-12-19 11:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack.
References
| URL | Tags | ||
|---|---|---|---|
| cret@cert.org | http://www.exploit-db.com/exploits/35770 | Exploit | |
| cret@cert.org | http://www.kb.cert.org/vuls/id/843044 | Third Party Advisory, US Government Resource | |
| cret@cert.org | http://www.kb.cert.org/vuls/id/BLUU-9RDQHM | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.exploit-db.com/exploits/35770 | Exploit | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/843044 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/BLUU-9RDQHM | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | idrac6_modular | * | |
| dell | idrac7 | * | |
| intel | ipmi | 1.5 | |
| dell | idrac6_monolithic | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:idrac6_modular:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A460E054-878C-4E63-945F-7FC03D07E302",
"versionEndIncluding": "3.60",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:idrac7:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4DBDA63-E3CD-486A-864A-9C9B078ACC97",
"versionEndIncluding": "1.56.55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:intel:ipmi:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "21DFF96C-EBE3-4CAC-B281-50C0A2728C10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:idrac6_monolithic:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D463D1-92B9-481C-BC39-3E5EDA630A3E",
"versionEndIncluding": "1.97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack."
},
{
"lang": "es",
"value": "La funcionalidad IPMI 1.5 en Dell iDRAC6 modular anterior a 3.65, iDRAC6 monol\u00edtico anterior a 1.98 e iDRAC7 anterior a 1.57.57 no selecciona correctamente los valores ID de sesi\u00f3n, lo que facilita a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de ataques de fuerza bruta."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/330.html\"\u003eCWE-330: Use of Insufficiently Random Values\u003c/a\u003e",
"id": "CVE-2014-8272",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-12-19T11:59:05.290",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/35770"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/843044"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/BLUU-9RDQHM"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/35770"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/843044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/BLUU-9RDQHM"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-3589
Vulnerability from fkie_nvd - Published: 2013-09-24 10:35 - Updated: 2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter.
References
| URL | Tags | ||
|---|---|---|---|
| cret@cert.org | http://www.kb.cert.org/vuls/id/920038 | US Government Resource | |
| cret@cert.org | http://www.kb.cert.org/vuls/id/BLUU-997QVW | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/920038 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/BLUU-997QVW | US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | idrac6_firmware | * | |
| dell | idrac6_firmware | 1.0 | |
| dell | idrac6_firmware | 1.1 | |
| dell | idrac6_firmware | 1.2 | |
| dell | idrac6_firmware | 1.3 | |
| dell | idrac6_firmware | 1.5 | |
| dell | idrac6_firmware | 1.6 | |
| dell | idrac6_firmware | 1.8 | |
| dell | idrac6_monolithic | - | |
| dell | idrac7_firmware | * | |
| dell | idrac7_firmware | 1.00.00 | |
| dell | idrac7_firmware | 1.06.06 | |
| dell | idrac7_firmware | 1.10.10 | |
| dell | idrac7_firmware | 1.20.20 | |
| dell | idrac7_firmware | 1.23.23 | |
| dell | idrac7_firmware | 1.37.35 | |
| dell | idrac7 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:idrac6_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D9D5B45-9540-438A-9865-C2BC1FABECE8",
"versionEndIncluding": "1.95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dell:idrac6_firmware:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8165B5AB-8EC5-409A-9B82-2FE1C801E93E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dell:idrac6_firmware:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0432217-2FD7-49B4-8CB3-F9CD107F321B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dell:idrac6_firmware:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE3EFC4-0E43-4474-95A0-EE010E4432EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dell:idrac6_firmware:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "88F80B6F-D37C-4EF8-9307-548289B8D0E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dell:idrac6_firmware:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "37C84DCC-B988-41FC-83FF-3265FBD20436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dell:idrac6_firmware:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "282B62D0-949E-4664-AFE0-19A32AAE8583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dell:idrac6_firmware:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D5272179-2DFF-4880-9FA5-4AC95A584B62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:idrac6_monolithic:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1178ECF0-A8BD-4236-83D8-5F39CD8BF6F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:idrac7_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93014C51-F915-4635-A479-EEE4FC3816A1",
"versionEndIncluding": "1.40.40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dell:idrac7_firmware:1.00.00:*:*:*:*:*:*:*",
"matchCriteriaId": "E072CD73-1FB4-46A5-96B4-C9440ACCD2B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dell:idrac7_firmware:1.06.06:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7E3E21-56E5-4F13-AE6C-6BD2A5D57FEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dell:idrac7_firmware:1.10.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F8E06108-77C9-4F9C-A0B1-BEDC5C23D862",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dell:idrac7_firmware:1.20.20:*:*:*:*:*:*:*",
"matchCriteriaId": "3542F818-1A1F-4B75-BA24-E5699F602301",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dell:idrac7_firmware:1.23.23:*:*:*:*:*:*:*",
"matchCriteriaId": "539A6346-747E-4ACA-B048-3C7DEF6CC2AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:dell:idrac7_firmware:1.37.35:*:*:*:*:*:*:*",
"matchCriteriaId": "32A7E775-FB16-4031-B85B-F0944251F4B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:dell:idrac7:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B004193-6FCE-4E0C-9B3F-D56B4605701B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad XSS en la p\u00e1gina de login del interfaz de administraci\u00f3n web en los dispositivos monol\u00edticos Dell iDRAC6 con firmware anterior a v1.46.45 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a trav\u00e9s del par\u00e1metro \"ErrorMsg\"."
}
],
"id": "CVE-2013-3589",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2013-09-24T10:35:51.923",
"references": [
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/920038"
},
{
"source": "cret@cert.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/BLUU-997QVW"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/920038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/BLUU-997QVW"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-1212 (GCVE-0-2018-1212)
Vulnerability from cvelistv5 – Published: 2018-07-02 17:00 – Updated: 2024-09-17 01:37
VLAI?
Title
Authenticated remote code execution in iDRAC 6
Summary
The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute arbitrary commands as root on the affected iDRAC system.
Severity ?
8.8 (High)
CWE
- Authenticated remote code execution command injection vulnerability.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Dell EMC | iDRAC6 (Monolithic) |
Affected:
unspecified , < 2.91
(custom)
|
|||||||
|
|||||||||
Credits
Dell EMC would like to thank Arseniy for reporting this issue to us.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iDRAC6 (Monolithic)",
"vendor": "Dell EMC",
"versions": [
{
"lessThan": "2.91",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iDRAC6 (Modular)",
"vendor": "Dell EMC",
"versions": [
{
"lessThanOrEqual": "3.85",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Dell EMC would like to thank Arseniy for reporting this issue to us."
}
],
"datePublic": "2018-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute arbitrary commands as root on the affected iDRAC system."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authenticated remote code execution command injection vulnerability.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-02T16:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated remote code execution in iDRAC 6",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-06-26T05:00:00.000Z",
"ID": "CVE-2018-1212",
"STATE": "PUBLIC",
"TITLE": "Authenticated remote code execution in iDRAC 6"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iDRAC6 (Monolithic)",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "2.91"
}
]
}
},
{
"product_name": "iDRAC6 (Modular)",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "3.85"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Dell EMC would like to thank Arseniy for reporting this issue to us."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute arbitrary commands as root on the affected iDRAC system."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authenticated remote code execution command injection vulnerability."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494",
"refsource": "CONFIRM",
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-1212",
"datePublished": "2018-07-02T17:00:00Z",
"dateReserved": "2017-12-06T00:00:00",
"dateUpdated": "2024-09-17T01:37:02.877Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8272 (GCVE-0-2014-8272)
Vulnerability from cvelistv5 – Published: 2014-12-19 11:00 – Updated: 2024-08-06 13:10
VLAI?
Summary
The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:10:50.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/BLUU-9RDQHM"
},
{
"name": "35770",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/35770"
},
{
"name": "VU#843044",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/843044"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-02-02T15:57:00",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/BLUU-9RDQHM"
},
{
"name": "35770",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/35770"
},
{
"name": "VU#843044",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/843044"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-8272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kb.cert.org/vuls/id/BLUU-9RDQHM",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/BLUU-9RDQHM"
},
{
"name": "35770",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35770"
},
{
"name": "VU#843044",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/843044"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2014-8272",
"datePublished": "2014-12-19T11:00:00",
"dateReserved": "2014-10-12T00:00:00",
"dateUpdated": "2024-08-06T13:10:50.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3589 (GCVE-0-2013-3589)
Vulnerability from cvelistv5 – Published: 2013-09-24 10:00 – Updated: 2024-09-16 18:23
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/BLUU-997QVW"
},
{
"name": "VU#920038",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/920038"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-09-24T10:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/BLUU-997QVW"
},
{
"name": "VU#920038",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/920038"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-3589",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kb.cert.org/vuls/id/BLUU-997QVW",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/BLUU-997QVW"
},
{
"name": "VU#920038",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/920038"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2013-3589",
"datePublished": "2013-09-24T10:00:00Z",
"dateReserved": "2013-05-21T00:00:00Z",
"dateUpdated": "2024-09-16T18:23:58.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1212 (GCVE-0-2018-1212)
Vulnerability from nvd – Published: 2018-07-02 17:00 – Updated: 2024-09-17 01:37
VLAI?
Title
Authenticated remote code execution in iDRAC 6
Summary
The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute arbitrary commands as root on the affected iDRAC system.
Severity ?
8.8 (High)
CWE
- Authenticated remote code execution command injection vulnerability.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Dell EMC | iDRAC6 (Monolithic) |
Affected:
unspecified , < 2.91
(custom)
|
|||||||
|
|||||||||
Credits
Dell EMC would like to thank Arseniy for reporting this issue to us.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iDRAC6 (Monolithic)",
"vendor": "Dell EMC",
"versions": [
{
"lessThan": "2.91",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iDRAC6 (Modular)",
"vendor": "Dell EMC",
"versions": [
{
"lessThanOrEqual": "3.85",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Dell EMC would like to thank Arseniy for reporting this issue to us."
}
],
"datePublic": "2018-06-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute arbitrary commands as root on the affected iDRAC system."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authenticated remote code execution command injection vulnerability.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-02T16:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Authenticated remote code execution in iDRAC 6",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-06-26T05:00:00.000Z",
"ID": "CVE-2018-1212",
"STATE": "PUBLIC",
"TITLE": "Authenticated remote code execution in iDRAC 6"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iDRAC6 (Monolithic)",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "2.91"
}
]
}
},
{
"product_name": "iDRAC6 (Modular)",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "3.85"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Dell EMC would like to thank Arseniy for reporting this issue to us."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute arbitrary commands as root on the affected iDRAC system."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authenticated remote code execution command injection vulnerability."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494",
"refsource": "CONFIRM",
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-1212",
"datePublished": "2018-07-02T17:00:00Z",
"dateReserved": "2017-12-06T00:00:00",
"dateUpdated": "2024-09-17T01:37:02.877Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8272 (GCVE-0-2014-8272)
Vulnerability from nvd – Published: 2014-12-19 11:00 – Updated: 2024-08-06 13:10
VLAI?
Summary
The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:10:50.943Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/BLUU-9RDQHM"
},
{
"name": "35770",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/35770"
},
{
"name": "VU#843044",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/843044"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-02-02T15:57:00",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/BLUU-9RDQHM"
},
{
"name": "35770",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/35770"
},
{
"name": "VU#843044",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/843044"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2014-8272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kb.cert.org/vuls/id/BLUU-9RDQHM",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/BLUU-9RDQHM"
},
{
"name": "35770",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35770"
},
{
"name": "VU#843044",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/843044"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2014-8272",
"datePublished": "2014-12-19T11:00:00",
"dateReserved": "2014-10-12T00:00:00",
"dateUpdated": "2024-08-06T13:10:50.943Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3589 (GCVE-0-2013-3589)
Vulnerability from nvd – Published: 2013-09-24 10:00 – Updated: 2024-09-16 18:23
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/BLUU-997QVW"
},
{
"name": "VU#920038",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/920038"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-09-24T10:00:00Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/BLUU-997QVW"
},
{
"name": "VU#920038",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/920038"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-3589",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kb.cert.org/vuls/id/BLUU-997QVW",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/BLUU-997QVW"
},
{
"name": "VU#920038",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/920038"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2013-3589",
"datePublished": "2013-09-24T10:00:00Z",
"dateReserved": "2013-05-21T00:00:00Z",
"dateUpdated": "2024-09-16T18:23:58.443Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}