25 vulnerabilities found for idrac9 by dell

CVE-2025-26482 (GCVE-0-2025-26482)

Vulnerability from cvelistv5 – Published: 2025-09-25 21:11 – Updated: 2025-09-26 17:39
Summary
Dell PowerEdge Server BIOS and Dell iDRAC9, all versions, contains an Information Disclosure vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure.
CWE
  • CWE-1258 - Exposure of Sensitive System Information Due to Uncleared Debug Information
Impacted products
Vendor | Product | Version
Dell | PowerEdge R770 | Affected: N/A, < 1.2.6 (semver)
Dell | PowerEdge R670 | Affected: N/A, < 1.2.6 (semver)
Dell | PowerEdge R570 | Affected: N/A, < 1.2.6 (semver)
Dell | PowerEdge R470 | Affected: N/A, < 1.2.6 (semver)
Dell | PowerEdge R6715 | Affected: N/A, < 1.1.2 (semver)
Dell | PowerEdge R7715 | Affected: N/A, < 1.1.2 (semver)
Dell | PowerEdge R6725 | Affected: N/A, < 1.1.3 (semver)
Dell | PowerEdge R7725 | Affected: N/A, < 1.1.3 (semver)
Dell | PowerEdge R660 | Affected: N/A, < 2.5.4 (semver)
Dell | PowerEdge R760 | Affected: N/A, < 2.5.4 (semver)
Dell | PowerEdge C6620 | Affected: N/A, < 2.5.4 (semver)
Dell | PowerEdge MX760c | Affected: N/A, < 2.5.4 (semver)
Dell | PowerEdge R860 | Affected: N/A, < 2.5.4 (semver)
Dell | PowerEdge R960 | Affected: N/A, < 2.5.4 (semver)
Dell | PowerEdge HS5610 | Affected: N/A, < 2.5.4 (semver)
Dell | PowerEdge HS5620 | Affected: N/A, < 2.5.4 (semver)
Dell | PowerEdge R660xs | Affected: N/A, < 2.5.4 (semver)
Dell | PowerEdge R760xs | Affected: N/A, < 2.5.4 (semver)
Dell | PowerEdge R760xd2 | Affected: N/A, < 2.5.4 (semver)
Dell | PowerEdge T560 | Affected: N/A, < 2.5.4 (semver)
Dell | PowerEdge R760xa | Affected: N/A, < 2.5.4 (semver)
Dell | PowerEdge XE9680 | Affected: N/A, < 2.5.4 (semver)
Dell | PowerEdge XE9680L | Affected: N/A, < 2.5.4 (semver)
Dell | PowerEdge XR5610 | Affected: N/A, < 2.5.4 (semver)
Dell | PowerEdge XR8610t | Affected: N/A, < 2.5.4 (semver)
Dell | PowerEdge XR8620t | Affected: N/A, < 2.5.4 (semver)
Dell | PowerEdge XR7620 | Affected: N/A, < 2.5.4 (semver)
Dell | PowerEdge XE8640 | Affected: N/A, < 2.5.4 (semver)
Dell | PowerEdge XE9640 | Affected: N/A, < 2.5.4 (semver)
Dell | PowerEdge T160 | Affected: N/A, < 2.0.0 (semver)
Dell | PowerEdge T360 | Affected: N/A, < 2.0.0 (semver)
Dell | PowerEdge R260 | Affected: N/A, < 2.0.0 (semver)
Dell | PowerEdge R360 | Affected: N/A, < 2.0.0 (semver)
Dell | PowerEdge R650 | Affected: N/A, < 1.16.2 (semver)
Dell | PowerEdge R750 | Affected: N/A, < 1.16.2 (semver)
Dell | PowerEdge R750XA | Affected: N/A, < 1.16.2 (semver)
Dell | PowerEdge C6520 | Affected: N/A, < 1.16.2 (semver)
Dell | PowerEdge MX750C | Affected: N/A, < 1.16.2 (semver)
Dell | PowerEdge R550 | Affected: N/A, < 1.16.2 (semver)
Dell | PowerEdge R450 | Affected: N/A, < 1.16.2 (semver)
Dell | PowerEdge R650XS | Affected: N/A, < 1.16.2 (semver)
Dell | PowerEdge R750XS | Affected: N/A, < 1.16.2 (semver)
Dell | PowerEdge T550 | Affected: N/A, < 1.16.2 (semver)
Dell | PowerEdge XR11 | Affected: N/A, < 1.16.2 (semver)
Dell | PowerEdge XR12 | Affected: N/A, < 1.16.2 (semver)
Dell | PowerEdge XR4510c | Affected: N/A, < 1.17.3 (semver)
Dell | PowerEdge XR4520c | Affected: N/A, < 1.17.3 (semver)
Dell | PowerEdge T150 | Affected: N/A, < 1.11.1 (semver)
Dell | PowerEdge T350 | Affected: N/A, < 1.11.1 (semver)
Dell | PowerEdge R250 | Affected: N/A, < 1.11.1 (semver)
Dell | PowerEdge R350 | Affected: N/A, < 1.11.1 (semver)
Dell | PowerEdge R740 | Affected: N/A, < 2.23.0 (semver)
Dell | PowerEdge R740XD | Affected: N/A, < 2.23.0 (semver)
Dell | PowerEdge R640 | Affected: N/A, < 2.23.0 (semver)
Dell | PowerEdge R940 | Affected: N/A, < 2.23.0 (semver)
Dell | PowerEdge R540 | Affected: N/A, < 2.23.0 (semver)
Dell | PowerEdge R440 | Affected: N/A, < 2.23.0 (semver)
Dell | PowerEdge T440 | Affected: N/A, < 2.23.0 (semver)
Dell | PowerEdge XR2 | Affected: N/A, < 2.23.0 (semver)
Dell | PowerEdge R740XD2 | Affected: N/A, < 2.23.0 (semver)
Dell | PowerEdge R840 | Affected: N/A, < 2.23.0 (semver)
Dell | PowerEdge R940XA | Affected: N/A, < 2.23.0 (semver)
Dell | PowerEdge T640 | Affected: N/A, < 2.23.0 (semver)
Dell | PowerEdge C6420 | Affected: N/A, < 2.23.0 (semver)
Dell | PowerEdge FC640 | Affected: N/A, < 2.23.0 (semver)
Dell | PowerEdge M640 | Affected: N/A, < 2.23.0 (semver)
Dell | PowerEdge M640 (for PE VRTX) | Affected: N/A, < 2.23.0 (semver)
Dell | PowerEdge MX740C | Affected: N/A, < 2.23.0 (semver)
Dell | PowerEdge MX840C | Affected: N/A, < 2.23.0 (semver)
Dell | PowerEdge C4140 | Affected: N/A, < 2.23.0 (semver)
Dell | DSS 8440 | Affected: N/A, < 2.23.0 (semver)
Dell | PowerEdge XE2420 | Affected: N/A, < 2.23.0 (semver)
Dell | PowerEdge XE7420 | Affected: N/A, < 2.23.0 (semver)
Dell | PowerEdge XE7440 | Affected: N/A, < 2.23.0 (semver)
Dell | PowerEdge T140 | Affected: N/A, < 2.18.0 (semver)
Dell | PowerEdge T340 | Affected: N/A, < 2.18.0 (semver)
Dell | PowerEdge R240 | Affected: N/A, < 2.18.0 (semver)
Dell | PowerEdge R340 | Affected: N/A, < 2.18.0 (semver)
Dell | Dell EMC Storage NX3240 | Affected: N/A, < 2.23.0 (semver)
Dell | Dell EMC Storage NX3340 | Affected: N/A, < 2.23.0 (semver)
Dell | Dell EMC NX440 | Affected: N/A, < 2.18.0 (semver)
Dell | Dell XC Core XC660 | Affected: N/A, < 2.5.4 (semver)
Dell | Dell XC Core XC760 | Affected: N/A, < 2.5.4 (semver)
Dell | Dell XC Core XC660xs | Affected: N/A, < 2.5.4 (semver)
Dell | Dell XC Core XC760xa | Affected: N/A, < 2.5.4 (semver)
Dell | Dell EMC XC Core XC450 | Affected: N/A, < 1.16.2 (semver)
Dell | Dell EMC XC Core XC650 | Affected: N/A, < 1.16.2 (semver)
Dell | Dell EMC XC Core XC750 | Affected: N/A, < 1.16.2 (semver)
Dell | Dell EMC XC Core XC750xa | Affected: N/A, < 1.16.2 (semver)
Dell | Dell EMC XC Core XC6520 | Affected: N/A, < 1.16.2 (semver)
Dell | Dell EMC XC Core 6420 System | Affected: N/A, < 2.23.0 (semver)
Dell | Dell EMC XC Core XC640 System | Affected: N/A, < 2.23.0 (semver)
Dell | Dell EMC XC Core XC740xd System | Affected: N/A, < 2.23.0 (semver)
Dell | Dell EMC XC Core XC740xd2 | Affected: N/A, < 2.23.0 (semver)
Dell | Dell EMC XC Core XC940 System | Affected: N/A, < 2.23.0 (semver)
Dell | Dell EMC XC Core XCXR2 | Affected: N/A, < 2.23.0 (semver)
Dell | PowerEdge R6615 | Affected: N/A, < 1.11.2 (semver)
Dell | PowerEdge R7615 | Affected: N/A, < 1.11.2 (semver)
Dell | PowerEdge R6625 | Affected: N/A, < 1.11.2 (semver)
Dell | PowerEdge R7625 | Affected: N/A, < 1.11.2 (semver)
Dell | PowerEdge C6615 | Affected: N/A, < 1.6.2 (semver)
Dell | PowerEdge R6515 | Affected: N/A, < 2.18.1 (semver)
Dell | PowerEdge R6525 | Affected: N/A, < 2.18.1 (semver)
Dell | PowerEdge R7515 | Affected: N/A, < 2.18.1 (semver)
Dell | PowerEdge R7525 | Affected: N/A, < 2.18.1 (semver)
Dell | PowerEdge C6525 | Affected: N/A, < 2.18.1 (semver)
Dell | PowerEdge XE8545 | Affected: N/A, < 2.17.1 (semver)
Dell | Dell EMC XC Core XC7525 | Affected: N/A, < 2.18.1 (semver)
Dell | Dell XC Core XC7625 | Affected: N/A, < 1.11.2 (semver)
Dell | PowerEdge R6415 | Affected: N/A, < 1.25.0 (semver)
Dell | PowerEdge R7415 | Affected: N/A, < 1.25.0 (semver)
Dell | PowerEdge R7425 | Affected: N/A, < 1.25.0 (semver)
Dell | iDRAC9 | Affected: N/A, < 7.00.00.181 (semver)
Dell | iDRAC9 | Affected: N/A, < 7.20.10.50 (semver)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-26482",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-26T17:38:37.455824Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-26T17:39:20.743Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R770",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.2.6",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R670",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.2.6",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R570",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.2.6",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R470",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.2.6",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R6715",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.1.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R7715",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.1.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R6725",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.1.3",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R7725",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.1.3",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R660",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R760",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge C6620",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge MX760c",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R860",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R960",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge HS5610",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge HS5620",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R660xs",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R760xs",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R760xd2",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge T560",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R760xa",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge XE9680",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge XE9680L",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge XR5610",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge XR8610t",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge XR8620t",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge XR7620",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge XE8640",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge XE9640",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge T160",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.0.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge T360",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.0.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R260",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.0.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R360",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.0.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R650",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.16.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R750",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.16.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R750XA",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.16.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge C6520",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.16.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge MX750C",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.16.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R550",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.16.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R450",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.16.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R650XS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.16.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R750XS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.16.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge T550",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.16.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge XR11",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.16.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge XR12",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.16.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge XR4510c",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.17.3",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge XR4520c",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.17.3",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge T150",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.11.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge T350",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.11.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.11.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R350",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.11.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R740",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R740XD",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R640",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R940",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R540",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R440",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge T440",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge XR2",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R740XD2",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R840",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R940XA",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge T640",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge C6420",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge FC640",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge M640",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge M640 (for PE VRTX)",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge MX740C",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge MX840C",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge C4140",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DSS 8440",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge XE2420",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge XE7420",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge XE7440",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge T140",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.18.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge T340",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.18.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R240",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.18.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R340",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.18.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell EMC Storage NX3240",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell EMC Storage NX3340",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell EMC NX440",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.18.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell XC Core XC660",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell XC Core XC760",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell XC Core XC660xs",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell XC Core XC760xa",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell EMC XC Core XC450",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.16.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell EMC XC Core XC650",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.16.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell EMC XC Core XC750",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.16.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell EMC XC Core XC750xa",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.16.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell EMC XC Core XC6520",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.16.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell EMC XC Core 6420 System",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell EMC XC Core XC640 System",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell EMC XC Core XC740xd System",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell EMC XC Core XC740xd2",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell EMC XC Core XC940 System",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell EMC XC Core XCXR2",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R6615",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.11.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R7615",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.11.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R6625",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.11.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R7625",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.11.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge C6615",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.6.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R6515",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.18.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R6525",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.18.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R7515",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.18.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R7525",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.18.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge C6525",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.18.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge XE8545",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.17.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell EMC XC Core XC7525",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.18.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell XC Core XC7625",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.11.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R6415",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.25.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R7415",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.25.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R7425",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.25.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "iDRAC9",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "7.00.00.181",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "iDRAC9",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "7.20.10.50",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-09-23T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell PowerEdge Server BIOS and Dell iDRAC9, all versions, contains an Information Disclosure vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure."
            }
          ],
          "value": "Dell PowerEdge Server BIOS and Dell iDRAC9, all versions, contains an Information Disclosure vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1258",
              "description": "CWE-1258: Exposure of Sensitive System Information Due to Uncleared Debug Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-25T21:11:43.372Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000370138/dsa-2025-046-security-update-for-dell-poweredge-server-and-dell-idrac9-for-information-disclosure-vulnerability"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2025-26482",
    "datePublished": "2025-09-25T21:11:43.372Z",
    "dateReserved": "2025-02-11T06:06:12.147Z",
    "dateUpdated": "2025-09-26T17:39:20.743Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-25943 (GCVE-0-2024-25943)

Vulnerability from cvelistv5 – Published: 2024-06-29 12:52 – Updated: 2024-08-01 23:52
Summary
iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application.
CWE
  • CWE-330 - Use of Insufficiently Random Values
Assigner
References
Impacted products
Vendor Product Version
Dell Integrated Dell Remote Access Controller 9 Affected: N/A , < 7.00.00.172 (semver)
Affected: N/A , < 7.10.50.00 (semver)

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:dell:integrated_dell_remote_access_controller_9_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "integrated_dell_remote_access_controller_9_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "7.00.00.172",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              },
              {
                "lessThan": "7.10.50.00",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-25943",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-02T19:10:06.274139Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-02T19:19:06.056Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:52:06.350Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/en-us/000226503/dsa-2024-099-security-update-for-dell-idrac9-ipmi-session-vulnerability"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Integrated Dell Remote Access Controller 9",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "7.00.00.172",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "7.10.50.00",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-06-28T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application."
            }
          ],
          "value": "iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-330",
              "description": "CWE-330: Use of Insufficiently Random Values",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-29T12:52:27.699Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000226503/dsa-2024-099-security-update-for-dell-idrac9-ipmi-session-vulnerability"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2024-25943",
    "datePublished": "2024-06-29T12:52:27.699Z",
    "dateReserved": "2024-02-13T05:29:58.481Z",
    "dateUpdated": "2024-08-01T23:52:06.350Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-24422 (GCVE-0-2022-24422)

Vulnerability from cvelistv5 – Published: 2022-05-26 15:20 – Updated: 2024-09-16 22:31
Summary
Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console.
CWE
  • CWE-287 - Improper Authentication
Assigner
References
Impacted products
Vendor Product Version
Dell Integrated Dell Remote Access Controller 9 Affected: unspecified , < 5.10.10.00 (custom)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:13:55.639Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/en-us/000199267/dsa-2022-068-dell-idrac9-security-update-for-an-improper-authentication-vulnerability"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Integrated Dell Remote Access Controller 9",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "5.10.10.00",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-05-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287: Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-26T15:20:22",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000199267/dsa-2022-068-dell-idrac9-security-update-for-an-improper-authentication-vulnerability"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "DATE_PUBLIC": "2022-05-11",
          "ID": "CVE-2022-24422",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Integrated Dell Remote Access Controller 9",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "5.10.10.00"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Dell"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 9.6,
            "baseSeverity": "Critical",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-287: Improper Authentication"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.dell.com/support/kbdoc/en-us/000199267/dsa-2022-068-dell-idrac9-security-update-for-an-improper-authentication-vulnerability",
              "refsource": "MISC",
              "url": "https://www.dell.com/support/kbdoc/en-us/000199267/dsa-2022-068-dell-idrac9-security-update-for-an-improper-authentication-vulnerability"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2022-24422",
    "datePublished": "2022-05-26T15:20:22.189079Z",
    "dateReserved": "2022-02-04T00:00:00",
    "dateUpdated": "2024-09-16T22:31:28.430Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-26482 (GCVE-0-2025-26482)

Vulnerability from nvd – Published: 2025-09-25 21:11 – Updated: 2025-09-26 17:39
Summary
Dell PowerEdge Server BIOS and Dell iDRAC9, all versions, contains an Information Disclosure vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure.
CWE
  • CWE-1258 - Exposure of Sensitive System Information Due to Uncleared Debug Information
Impacted products
Vendor Product Version
Dell PowerEdge R770 Affected: N/A , < 1.2.6 (semver)
Dell PowerEdge R670 Affected: N/A , < 1.2.6 (semver)
Dell PowerEdge R570 Affected: N/A , < 1.2.6 (semver)
Dell PowerEdge R470 Affected: N/A , < 1.2.6 (semver)
Dell PowerEdge R6715 Affected: N/A , < 1.1.2 (semver)
Dell PowerEdge R7715 Affected: N/A , < 1.1.2 (semver)
Dell PowerEdge R6725 Affected: N/A , < 1.1.3 (semver)
Dell PowerEdge R7725 Affected: N/A , < 1.1.3 (semver)
Dell PowerEdge R660 Affected: N/A , < 2.5.4 (semver)
Dell PowerEdge R760 Affected: N/A , < 2.5.4 (semver)
Dell PowerEdge C6620 Affected: N/A , < 2.5.4 (semver)
Dell PowerEdge MX760c Affected: N/A , < 2.5.4 (semver)
Dell PowerEdge R860 Affected: N/A , < 2.5.4 (semver)
Dell PowerEdge R960 Affected: N/A , < 2.5.4 (semver)
Dell PowerEdge HS5610 Affected: N/A , < 2.5.4 (semver)
Dell PowerEdge HS5620 Affected: N/A , < 2.5.4 (semver)
Dell PowerEdge R660xs Affected: N/A , < 2.5.4 (semver)
Dell PowerEdge R760xs Affected: N/A , < 2.5.4 (semver)
Dell PowerEdge R760xd2 Affected: N/A , < 2.5.4 (semver)
Dell PowerEdge T560 Affected: N/A , < 2.5.4 (semver)
Dell PowerEdge R760xa Affected: N/A , < 2.5.4 (semver)
Dell PowerEdge XE9680 Affected: N/A , < 2.5.4 (semver)
Dell PowerEdge XE9680L Affected: N/A , < 2.5.4 (semver)
Dell PowerEdge XR5610 Affected: N/A , < 2.5.4 (semver)
Dell PowerEdge XR8610t Affected: N/A , < 2.5.4 (semver)
Dell PowerEdge XR8620t Affected: N/A , < 2.5.4 (semver)
Dell PowerEdge XR7620 Affected: N/A , < 2.5.4 (semver)
Dell PowerEdge XE8640 Affected: N/A , < 2.5.4 (semver)
Dell PowerEdge XE9640 Affected: N/A , < 2.5.4 (semver)
Dell PowerEdge T160 Affected: N/A , < 2.0.0 (semver)
Dell PowerEdge T360 Affected: N/A , < 2.0.0 (semver)
Dell PowerEdge R260 Affected: N/A , < 2.0.0 (semver)
Dell PowerEdge R360 Affected: N/A , < 2.0.0 (semver)
Dell PowerEdge R650 Affected: N/A , < 1.16.2 (semver)
Dell PowerEdge R750 Affected: N/A , < 1.16.2 (semver)
Dell PowerEdge R750XA Affected: N/A , < 1.16.2 (semver)
Dell PowerEdge C6520 Affected: N/A , < 1.16.2 (semver)
Dell PowerEdge MX750C Affected: N/A , < 1.16.2 (semver)
Dell PowerEdge R550 Affected: N/A , < 1.16.2 (semver)
Dell PowerEdge R450 Affected: N/A , < 1.16.2 (semver)
Dell PowerEdge R650XS Affected: N/A , < 1.16.2 (semver)
Dell PowerEdge R750XS Affected: N/A , < 1.16.2 (semver)
Dell PowerEdge T550 Affected: N/A , < 1.16.2 (semver)
Dell PowerEdge XR11 Affected: N/A , < 1.16.2 (semver)
Dell PowerEdge XR12 Affected: N/A , < 1.16.2 (semver)
Dell PowerEdge XR4510c Affected: N/A , < 1.17.3 (semver)
Dell PowerEdge XR4520c Affected: N/A , < 1.17.3 (semver)
Dell PowerEdge T150 Affected: N/A , < 1.11.1 (semver)
Dell PowerEdge T350 Affected: N/A , < 1.11.1 (semver)
Dell PowerEdge R250 Affected: N/A , < 1.11.1 (semver)
Dell PowerEdge R350 Affected: N/A , < 1.11.1 (semver)
Dell PowerEdge R740 Affected: N/A , < 2.23.0 (semver)
Dell PowerEdge R740XD Affected: N/A , < 2.23.0 (semver)
Dell PowerEdge R640 Affected: N/A , < 2.23.0 (semver)
Dell PowerEdge R940 Affected: N/A , < 2.23.0 (semver)
Dell PowerEdge R540 Affected: N/A , < 2.23.0 (semver)
Dell PowerEdge R440 Affected: N/A , < 2.23.0 (semver)
Dell PowerEdge T440 Affected: N/A , < 2.23.0 (semver)
Dell PowerEdge XR2 Affected: N/A , < 2.23.0 (semver)
Dell PowerEdge R740XD2 Affected: N/A , < 2.23.0 (semver)
Dell PowerEdge R840 Affected: N/A , < 2.23.0 (semver)
Dell PowerEdge R940XA Affected: N/A , < 2.23.0 (semver)
Dell PowerEdge T640 Affected: N/A , < 2.23.0 (semver)
Dell PowerEdge C6420 Affected: N/A , < 2.23.0 (semver)
Dell PowerEdge FC640 Affected: N/A , < 2.23.0 (semver)
Dell PowerEdge M640 Affected: N/A , < 2.23.0 (semver)
Dell PowerEdge M640 (for PE VRTX) Affected: N/A , < 2.23.0 (semver)
Dell PowerEdge MX740C Affected: N/A , < 2.23.0 (semver)
Dell PowerEdge MX840C Affected: N/A , < 2.23.0 (semver)
Dell PowerEdge C4140 Affected: N/A , < 2.23.0 (semver)
Dell DSS 8440 Affected: N/A , < 2.23.0 (semver)
Dell PowerEdge XE2420 Affected: N/A , < 2.23.0 (semver)
Dell PowerEdge XE7420 Affected: N/A , < 2.23.0 (semver)
Dell PowerEdge XE7440 Affected: N/A , < 2.23.0 (semver)
Dell PowerEdge T140 Affected: N/A , < 2.18.0 (semver)
Dell PowerEdge T340 Affected: N/A , < 2.18.0 (semver)
Dell PowerEdge R240 Affected: N/A , < 2.18.0 (semver)
Dell PowerEdge R340 Affected: N/A , < 2.18.0 (semver)
Dell Dell EMC Storage NX3240 Affected: N/A , < 2.23.0 (semver)
Dell Dell EMC Storage NX3340 Affected: N/A , < 2.23.0 (semver)
Dell Dell EMC NX440 Affected: N/A , < 2.18.0 (semver)
Dell Dell XC Core XC660 Affected: N/A , < 2.5.4 (semver)
Dell Dell XC Core XC760 Affected: N/A , < 2.5.4 (semver)
Dell Dell XC Core XC660xs Affected: N/A , < 2.5.4 (semver)
Dell Dell XC Core XC760xa Affected: N/A , < 2.5.4 (semver)
Dell Dell EMC XC Core XC450 Affected: N/A , < 1.16.2 (semver)
Dell Dell EMC XC Core XC650 Affected: N/A , < 1.16.2 (semver)
Dell Dell EMC XC Core XC750 Affected: N/A , < 1.16.2 (semver)
Dell Dell EMC XC Core XC750xa Affected: N/A , < 1.16.2 (semver)
Dell Dell EMC XC Core XC6520 Affected: N/A , < 1.16.2 (semver)
Dell Dell EMC XC Core 6420 System Affected: N/A , < 2.23.0 (semver)
Dell Dell EMC XC Core XC640 System Affected: N/A , < 2.23.0 (semver)
Dell Dell EMC XC Core XC740xd System Affected: N/A , < 2.23.0 (semver)
Dell Dell EMC XC Core XC740xd2 Affected: N/A , < 2.23.0 (semver)
Dell Dell EMC XC Core XC940 System Affected: N/A , < 2.23.0 (semver)
Dell Dell EMC XC Core XCXR2 Affected: N/A , < 2.23.0 (semver)
Dell PowerEdge R6615 Affected: N/A , < 1.11.2 (semver)
Dell PowerEdge R7615 Affected: N/A , < 1.11.2 (semver)
Dell PowerEdge R6625 Affected: N/A , < 1.11.2 (semver)
Dell PowerEdge R7625 Affected: N/A , < 1.11.2 (semver)
Dell PowerEdge C6615 Affected: N/A , < 1.6.2 (semver)
Dell PowerEdge R6515 Affected: N/A , < 2.18.1 (semver)
Dell PowerEdge R6525 Affected: N/A , < 2.18.1 (semver)
Dell PowerEdge R7515 Affected: N/A , < 2.18.1 (semver)
Dell PowerEdge R7525 Affected: N/A , < 2.18.1 (semver)
Dell PowerEdge C6525 Affected: N/A , < 2.18.1 (semver)
Dell PowerEdge XE8545 Affected: N/A , < 2.17.1 (semver)
Dell Dell EMC XC Core XC7525 Affected: N/A , < 2.18.1 (semver)
Dell Dell XC Core XC7625 Affected: N/A , < 1.11.2 (semver)
Dell PowerEdge R6415 Affected: N/A , < 1.25.0 (semver)
Dell PowerEdge R7415 Affected: N/A , < 1.25.0 (semver)
Dell PowerEdge R7425 Affected: N/A , < 1.25.0 (semver)
Dell iDRAC9 Affected: N/A , < 7.00.00.181 (semver)
Dell iDRAC9 Affected: N/A , < 7.20.10.50 (semver)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-26482",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-26T17:38:37.455824Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-26T17:39:20.743Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R770",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.2.6",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R670",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.2.6",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R570",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.2.6",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R470",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.2.6",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R6715",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.1.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R7715",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.1.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R6725",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.1.3",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R7725",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.1.3",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R660",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R760",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge C6620",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge MX760c",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R860",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R960",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge HS5610",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge HS5620",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R660xs",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R760xs",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R760xd2",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge T560",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R760xa",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge XE9680",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge XE9680L",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge XR5610",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge XR8610t",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge XR8620t",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge XR7620",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge XE8640",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge XE9640",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge T160",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.0.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge T360",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.0.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R260",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.0.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R360",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.0.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R650",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.16.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R750",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.16.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R750XA",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.16.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge C6520",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.16.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge MX750C",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.16.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R550",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.16.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R450",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.16.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R650XS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.16.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R750XS",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.16.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge T550",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.16.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge XR11",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.16.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge XR12",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.16.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge XR4510c",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.17.3",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge XR4520c",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.17.3",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge T150",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.11.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge T350",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.11.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R250",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.11.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R350",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.11.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R740",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R740XD",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R640",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R940",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R540",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R440",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge T440",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge XR2",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R740XD2",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R840",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R940XA",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge T640",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge C6420",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge FC640",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge M640",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge M640 (for PE VRTX)",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge MX740C",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge MX840C",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge C4140",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "DSS 8440",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge XE2420",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge XE7420",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge XE7440",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge T140",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.18.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge T340",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.18.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R240",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.18.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R340",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.18.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell EMC Storage NX3240",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell EMC Storage NX3340",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell EMC NX440",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.18.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell XC Core XC660",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell XC Core XC760",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell XC Core XC660xs",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell XC Core XC760xa",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.5.4",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell EMC XC Core XC450",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.16.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell EMC XC Core XC650",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.16.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell EMC XC Core XC750",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.16.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell EMC XC Core XC750xa",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.16.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell EMC XC Core XC6520",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.16.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell EMC XC Core 6420 System",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell EMC XC Core XC640 System",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell EMC XC Core XC740xd System",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell EMC XC Core XC740xd2",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell EMC XC Core XC940 System",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell EMC XC Core XCXR2",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.23.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R6615",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.11.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R7615",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.11.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R6625",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.11.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R7625",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.11.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge C6615",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.6.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R6515",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.18.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R6525",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.18.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R7515",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.18.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R7525",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.18.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge C6525",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.18.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge XE8545",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.17.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell EMC XC Core XC7525",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "2.18.1",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Dell XC Core XC7625",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.11.2",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R6415",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.25.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R7415",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.25.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerEdge R7425",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "1.25.0",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "iDRAC9",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "7.00.00.181",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "iDRAC9",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "7.20.10.50",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-09-23T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Dell PowerEdge Server BIOS and Dell iDRAC9, all versions, contains an Information Disclosure vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure."
            }
          ],
          "value": "Dell PowerEdge Server BIOS and Dell iDRAC9, all versions, contains an Information Disclosure vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information Disclosure."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1258",
              "description": "CWE-1258: Exposure of Sensitive System Information Due to Uncleared Debug Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-25T21:11:43.372Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000370138/dsa-2025-046-security-update-for-dell-poweredge-server-and-dell-idrac9-for-information-disclosure-vulnerability"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2025-26482",
    "datePublished": "2025-09-25T21:11:43.372Z",
    "dateReserved": "2025-02-11T06:06:12.147Z",
    "dateUpdated": "2025-09-26T17:39:20.743Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-25943 (GCVE-0-2024-25943)

Vulnerability from nvd – Published: 2024-06-29 12:52 – Updated: 2024-08-01 23:52
Summary
iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application.
CWE
  • CWE-330 - Use of Insufficiently Random Values
Assigner
References
Impacted products
Vendor Product Version
Dell Integrated Dell Remote Access Controller 9 Affected: N/A , < 7.00.00.172 (semver)
Affected: N/A , < 7.10.50.00 (semver)

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:dell:integrated_dell_remote_access_controller_9_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "integrated_dell_remote_access_controller_9_firmware",
            "vendor": "dell",
            "versions": [
              {
                "lessThan": "7.00.00.172",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              },
              {
                "lessThan": "7.10.50.00",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-25943",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-02T19:10:06.274139Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-02T19:19:06.056Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:52:06.350Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/en-us/000226503/dsa-2024-099-security-update-for-dell-idrac9-ipmi-session-vulnerability"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Integrated Dell Remote Access Controller 9",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "7.00.00.172",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            },
            {
              "lessThan": "7.10.50.00",
              "status": "affected",
              "version": "N/A",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2024-06-28T06:30:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application."
            }
          ],
          "value": "iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-330",
              "description": "CWE-330: Use of Insufficiently Random Values",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-29T12:52:27.699Z",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000226503/dsa-2024-099-security-update-for-dell-idrac9-ipmi-session-vulnerability"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2024-25943",
    "datePublished": "2024-06-29T12:52:27.699Z",
    "dateReserved": "2024-02-13T05:29:58.481Z",
    "dateUpdated": "2024-08-01T23:52:06.350Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-24422 (GCVE-0-2022-24422)

Vulnerability from nvd – Published: 2022-05-26 15:20 – Updated: 2024-09-16 22:31
Summary
Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console.
CWE
  • CWE-287 - Improper Authentication
Assigner
References
Impacted products
Vendor Product Version
Dell Integrated Dell Remote Access Controller 9 Affected: unspecified , < 5.10.10.00 (custom)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:13:55.639Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.dell.com/support/kbdoc/en-us/000199267/dsa-2022-068-dell-idrac9-security-update-for-an-improper-authentication-vulnerability"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Integrated Dell Remote Access Controller 9",
          "vendor": "Dell",
          "versions": [
            {
              "lessThan": "5.10.10.00",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-05-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287: Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-26T15:20:22",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.dell.com/support/kbdoc/en-us/000199267/dsa-2022-068-dell-idrac9-security-update-for-an-improper-authentication-vulnerability"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "DATE_PUBLIC": "2022-05-11",
          "ID": "CVE-2022-24422",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Integrated Dell Remote Access Controller 9",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "5.10.10.00"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Dell"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 9.6,
            "baseSeverity": "Critical",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-287: Improper Authentication"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.dell.com/support/kbdoc/en-us/000199267/dsa-2022-068-dell-idrac9-security-update-for-an-improper-authentication-vulnerability",
              "refsource": "MISC",
              "url": "https://www.dell.com/support/kbdoc/en-us/000199267/dsa-2022-068-dell-idrac9-security-update-for-an-improper-authentication-vulnerability"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2022-24422",
    "datePublished": "2022-05-26T15:20:22.189079Z",
    "dateReserved": "2022-02-04T00:00:00",
    "dateUpdated": "2024-09-16T22:31:28.430Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

FKIE_CVE-2024-25943

Vulnerability from fkie_nvd - Published: 2024-06-29 13:15 - Updated: 2025-02-03 15:24
Summary
iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application.
Impacted products
Vendor Product Version
dell idrac9 *
dell idrac9 *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dell:idrac9:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5779DFD-C507-4264-994A-D4B462F2276A",
              "versionEndExcluding": "7.00.00.172",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dell:idrac9:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "281F86D0-7B91-48EB-A83C-CDF53CC4744E",
              "versionEndExcluding": "7.10.50.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application."
    },
    {
      "lang": "es",
      "value": "iDRAC9, versiones anteriores a 7.00.00.172 para la 14.\u00aa generaci\u00f3n y 7.10.50.00 para las 15.\u00aa y 16.\u00aa generaci\u00f3n, contiene una vulnerabilidad de secuestro de sesi\u00f3n en IPMI. Un atacante remoto podr\u00eda explotar esta vulnerabilidad, lo que provocar\u00eda la ejecuci\u00f3n de c\u00f3digo arbitrario en la aplicaci\u00f3n vulnerable."
    }
  ],
  "id": "CVE-2024-25943",
  "lastModified": "2025-02-03T15:24:40.200",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.7,
        "source": "security_alert@emc.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-06-29T13:15:10.403",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.dell.com/support/kbdoc/en-us/000226503/dsa-2024-099-security-update-for-dell-idrac9-ipmi-session-vulnerability"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.dell.com/support/kbdoc/en-us/000226503/dsa-2024-099-security-update-for-dell-idrac9-ipmi-session-vulnerability"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-330"
        }
      ],
      "source": "security_alert@emc.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2022-24422

Vulnerability from fkie_nvd - Published: 2022-05-26 16:15 - Updated: 2024-11-21 06:50
Summary
Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console.
Impacted products
Vendor Product Version
dell idrac9 *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dell:idrac9:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2CC8B5B-1C7D-4760-BA05-D1C538E12C01",
              "versionEndExcluding": "5.10.10.00",
              "versionStartIncluding": "5.00.00.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console."
    },
    {
      "lang": "es",
      "value": "Dell iDRAC9 versiones de  5.00.00.00 y posteriores, pero anteriores a 5.10.10.00, contienen una vulnerabilidad de autenticaci\u00f3n inapropiada. Un atacante remoto no autenticado puede explotar esta vulnerabilidad para conseguir acceso a la consola VNC"
    }
  ],
  "id": "CVE-2022-24422",
  "lastModified": "2024-11-21T06:50:23.700",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.6,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 6.0,
        "source": "security_alert@emc.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-05-26T16:15:08.113",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.dell.com/support/kbdoc/en-us/000199267/dsa-2022-068-dell-idrac9-security-update-for-an-improper-authentication-vulnerability"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.dell.com/support/kbdoc/en-us/000199267/dsa-2022-068-dell-idrac9-security-update-for-an-improper-authentication-vulnerability"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "security_alert@emc.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-202104-0684

Vulnerability from variot - Updated: 2024-02-13 01:49

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to manipulate the username field under the comment section and set the value to any user. Dell EMC iDRAC9 is a set of system management solutions including hardware and software from Dell. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems.

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202104-0684",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "idrac9",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dell",
        "version": "4.40.00.00"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-21544"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:dell:idrac9_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.40.00.00",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-21544"
      }
    ]
  },
  "cve": "CVE-2021-21544",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "VHN-379948",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2021-21544",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.2,
            "impactScore": 1.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-21544",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "security_alert@emc.com",
            "id": "CVE-2021-21544",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-2304",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-379948",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-21544",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-379948"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21544"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2304"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21544"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21544"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to manipulate the username field under the comment section and set the value to any user. DELL Dell EMC iDRAC9 is a set of system management solutions including hardware and software from Dell (DELL). This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-21544"
      },
      {
        "db": "VULHUB",
        "id": "VHN-379948"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21544"
      }
    ],
    "trust": 1.08
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-21544",
        "trust": 1.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2304",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-379948",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21544",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-379948"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21544"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2304"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21544"
      }
    ]
  },
  "id": "VAR-202104-0684",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-379948"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-02-13T01:49:07.754000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Dell EMC iDRAC9 Security vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=149950"
      },
      {
        "title": "CVE-numbers",
        "trust": 0.1,
        "url": "https://github.com/kosmosec/cve-numbers "
      },
      {
        "title": "iDRAC-CVE-lib",
        "trust": 0.1,
        "url": "https://github.com/chnzzh/idrac-cve-lib "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-21544"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2304"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-379948"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21544"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://www.dell.com/support/kbdoc/000185293"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21544"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/287.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/kosmosec/cve-numbers"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-379948"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21544"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2304"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21544"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-379948"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21544"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2304"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21544"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-04-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-379948"
      },
      {
        "date": "2021-04-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-21544"
      },
      {
        "date": "2021-04-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-2304"
      },
      {
        "date": "2021-04-30T21:15:08.900000",
        "db": "NVD",
        "id": "CVE-2021-21544"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-10-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-379948"
      },
      {
        "date": "2022-10-25T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-21544"
      },
      {
        "date": "2022-10-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-2304"
      },
      {
        "date": "2022-10-25T19:14:50.563000",
        "db": "NVD",
        "id": "CVE-2021-21544"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2304"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell EMC iDRAC9 Authorization problem vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2304"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2304"
      }
    ],
    "trust": 0.6
  }
}

VAR-201904-0132

Vulnerability from variot - Updated: 2023-12-18 14:05

Dell EMC iDRAC9 versions prior to 3.30.30.30 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted input data to the WS-MAN interface. Dell EMC iDRAC9 contains an authentication vulnerability: information may be obtained or altered, and service operation may be disrupted (DoS). Dell EMC iDRAC9 is a set of system management solutions including hardware and software from Dell. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201904-0132",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "idrac9",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "dell",
        "version": "3.30.30.30"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004142"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3707"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:dell:idrac9_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.30.30.30",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-3707"
      }
    ]
  },
  "cve": "CVE-2019-3707",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2019-3707",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-155142",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "security_alert@emc.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "impactScore": 4.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-3707",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-3707",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "security_alert@emc.com",
            "id": "CVE-2019-3707",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201904-1252",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-155142",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-3707",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155142"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3707"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004142"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3707"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3707"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1252"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell EMC iDRAC9 versions prior to 3.30.30.30 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted input data to the WS-MAN interface. Dell EMC iDRAC9 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Dell EMC iDRAC9 is a set of system management solutions including hardware and software from Dell. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-3707"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004142"
      },
      {
        "db": "VULHUB",
        "id": "VHN-155142"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3707"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-3707",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004142",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1252",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-155142",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3707",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155142"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3707"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004142"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3707"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1252"
      }
    ]
  },
  "id": "VAR-201904-0132",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155142"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T14:05:10.492000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DSA-2019-028",
        "trust": 0.8,
        "url": "https://www.dell.com/support/article/jp/ja/jpdhs1/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en"
      },
      {
        "title": "Dell EMC iDRAC9 Remediation measures for authorization problem vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92068"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004142"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1252"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-287",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155142"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004142"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3707"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3707"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3707"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155142"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3707"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004142"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3707"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1252"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-155142"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3707"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004142"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3707"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1252"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-04-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-155142"
      },
      {
        "date": "2019-04-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-3707"
      },
      {
        "date": "2019-05-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-004142"
      },
      {
        "date": "2019-04-26T19:29:00.637000",
        "db": "NVD",
        "id": "CVE-2019-3707"
      },
      {
        "date": "2019-04-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201904-1252"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-155142"
      },
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-3707"
      },
      {
        "date": "2019-05-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-004142"
      },
      {
        "date": "2020-08-24T17:37:01.140000",
        "db": "NVD",
        "id": "CVE-2019-3707"
      },
      {
        "date": "2020-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201904-1252"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1252"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell EMC iDRAC9 Authentication vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004142"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201904-1252"
      }
    ],
    "trust": 0.6
  }
}

VAR-202205-1567

Vulnerability from variot - Updated: 2023-12-18 13:46

Dell iDRAC9 versions 5.00.00.00 and later, but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console. Dell iDRAC9 is a controller provided by Dell that offers comprehensive embedded management and automation functions for the entire PowerEdge series of servers.

An authorization issue vulnerability in Dell iDRAC9 stems from improper rights management, which could allow attackers to bypass Dell iDRAC9 restrictions to gain user privileges.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202205-1567",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "idrac9",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "dell",
        "version": "5.00.00.00"
      },
      {
        "model": "idrac9",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dell",
        "version": "5.10.10.00"
      },
      {
        "model": "emc idrac9",
        "scope": null,
        "trust": 0.6,
        "vendor": "dell",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-42736"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-24422"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:dell:idrac9:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.10.10.00",
                "versionStartIncluding": "5.00.00.00",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-24422"
      }
    ]
  },
  "cve": "CVE-2022-24422",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2022-42736",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-414169",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2022-24422",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "security_alert@emc.com",
            "availabilityImpact": "HIGH",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2022-24422",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "security_alert@emc.com",
            "id": "CVE-2022-24422",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2022-42736",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202205-3714",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-414169",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2022-24422",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-42736"
      },
      {
        "db": "VULHUB",
        "id": "VHN-414169"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-24422"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-24422"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-24422"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3714"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console. Dell iDRAC9 is provided by Dell (DELL) to provide comprehensive, embedded management, and automation functions for the entire PowerEdge series of servers. a controller. \n\r\n\r\nAn authorization issue vulnerability in Dell iDRAC9 stems from improper rights management, which could allow attackers to bypass Dell iDRAC9 restrictions to gain user privileges",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-24422"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-42736"
      },
      {
        "db": "VULHUB",
        "id": "VHN-414169"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-24422"
      }
    ],
    "trust": 1.62
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-24422",
        "trust": 2.4
      },
      {
        "db": "CNVD",
        "id": "CNVD-2022-42736",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3714",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-414169",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-24422",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-42736"
      },
      {
        "db": "VULHUB",
        "id": "VHN-414169"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-24422"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-24422"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3714"
      }
    ]
  },
  "id": "VAR-202205-1567",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-42736"
      },
      {
        "db": "VULHUB",
        "id": "VHN-414169"
      }
    ],
    "trust": 1.2769230999999999
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-42736"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:46:41.232000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-414169"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-24422"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://www.dell.com/support/kbdoc/en-us/000199267/dsa-2022-068-dell-idrac9-security-update-for-an-improper-authentication-vulnerability"
      },
      {
        "trust": 1.2,
        "url": "https://vigilance.fr/vulnerability/dell-idrac9-user-access-38398"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-24422/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/287.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-42736"
      },
      {
        "db": "VULHUB",
        "id": "VHN-414169"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-24422"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-24422"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3714"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-42736"
      },
      {
        "db": "VULHUB",
        "id": "VHN-414169"
      },
      {
        "db": "VULMON",
        "id": "CVE-2022-24422"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-24422"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3714"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-06-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-42736"
      },
      {
        "date": "2022-05-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-414169"
      },
      {
        "date": "2022-05-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-24422"
      },
      {
        "date": "2022-05-26T16:15:08.113000",
        "db": "NVD",
        "id": "CVE-2022-24422"
      },
      {
        "date": "2022-05-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202205-3714"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-06-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2022-42736"
      },
      {
        "date": "2022-06-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-414169"
      },
      {
        "date": "2022-06-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2022-24422"
      },
      {
        "date": "2022-06-07T17:07:01.157000",
        "db": "NVD",
        "id": "CVE-2022-24422"
      },
      {
        "date": "2022-06-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202205-3714"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3714"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell iDRAC9 Authorization Issue Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2022-42736"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202205-3714"
      }
    ],
    "trust": 0.6
  }
}

VAR-201807-1252

Vulnerability from variot - Updated: 2023-12-18 13:33

Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to perform brute-force session guessing attacks. Multiple Dell iDRAC products contain a security check vulnerability. Information may be obtained. Dell EMC iDRAC6 and others are system management solutions from Dell, including hardware and software. These solutions provide functions such as remote management, crash recovery and power control for Dell PowerEdge systems. Attackers can exploit this vulnerability to perform brute-force attacks on user sessions.

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201807-1252",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "idrac6",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "dell",
        "version": "2.91"
      },
      {
        "model": "idrac7",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "dell",
        "version": "2.60.60.60"
      },
      {
        "model": "idrac8",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "dell",
        "version": "2.60.60.60"
      },
      {
        "model": "idrac9",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "dell",
        "version": "3.21.21.21"
      },
      {
        "model": "idrac7",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "dell",
        "version": "1.10.10"
      },
      {
        "model": "idrac7",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "dell",
        "version": "1.23.23"
      },
      {
        "model": "idrac7",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "dell",
        "version": "1.00.00"
      },
      {
        "model": "idrac6",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "dell",
        "version": "1.7"
      },
      {
        "model": "idrac7",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "dell",
        "version": "1.40.40"
      },
      {
        "model": "idrac7",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "dell",
        "version": "1.06.06"
      },
      {
        "model": "idrac7",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "dell",
        "version": "1.20.20"
      },
      {
        "model": "idrac7",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "dell",
        "version": "1.37.35"
      },
      {
        "model": "idrac6",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "dell",
        "version": "1.8"
      },
      {
        "model": "idrac6",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "dell",
        "version": "1.95"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007907"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1243"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-058"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:dell:idrac6_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.91",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:dell:idrac9_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.21.21.21",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:dell:idrac8_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.60.60.60",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:dell:idrac7_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.60.60.60",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-1243"
      }
    ]
  },
  "cve": "CVE-2018-1243",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-1243",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-122388",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "security_alert@emc.com",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.6,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-1243",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-1243",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "security_alert@emc.com",
            "id": "CVE-2018-1243",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201807-058",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-122388",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-1243",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122388"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1243"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007907"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1243"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1243"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-058"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to perform bruteforce session guessing attacks. plural Dell iDRAC The product contains a security check vulnerability.Information may be obtained. Dell EMC iDRAC6 and others are system management solutions of Dell (Dell), including hardware and software. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems. Attackers can exploit this vulnerability to perform brute force attacks on user sessions",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-1243"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007907"
      },
      {
        "db": "VULHUB",
        "id": "VHN-122388"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1243"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-1243",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007907",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-058",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-122388",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1243",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122388"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1243"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007907"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1243"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-058"
      }
    ]
  },
  "id": "VAR-201807-1252",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122388"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:33:47.911000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "iDRAC9 Home",
        "trust": 0.8,
        "url": "https://www.dell.com/support/article/jp/ja/jpdhs1/sln311300/idrac9-home?lang=ja"
      },
      {
        "title": "Multiple Dell Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=81664"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/chnzzh/idrac-cve-lib "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2018-1243"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007907"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-058"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-358",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122388"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007907"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1243"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1243"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1243"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/358.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/chnzzh/idrac-cve-lib"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122388"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1243"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007907"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1243"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-058"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-122388"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1243"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007907"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1243"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-058"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-07-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-122388"
      },
      {
        "date": "2018-07-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-1243"
      },
      {
        "date": "2018-10-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-007907"
      },
      {
        "date": "2018-07-02T17:29:00.347000",
        "db": "NVD",
        "id": "CVE-2018-1243"
      },
      {
        "date": "2018-07-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201807-058"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-122388"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-1243"
      },
      {
        "date": "2018-10-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-007907"
      },
      {
        "date": "2019-10-09T23:38:16.460000",
        "db": "NVD",
        "id": "CVE-2018-1243"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201807-058"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-058"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Dell iDRAC Vulnerabilities related to security checks in products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007907"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "security feature problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-058"
      }
    ],
    "trust": 0.6
  }
}

VAR-202107-0499

Vulnerability from variot - Updated: 2023-12-18 13:32

Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the virtual console. Dell EMC iDRAC9 is a set of system management solutions from Dell, including hardware and software. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems.

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202107-0499",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "idrac9",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dell",
        "version": "4.40.10.00"
      },
      {
        "model": "idrac9",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "dell",
        "version": "4.40.00.00"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-21538"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:dell:idrac9_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.40.10.00",
                "versionStartIncluding": "4.40.00.00",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-21538"
      }
    ]
  },
  "cve": "CVE-2021-21538",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-379942",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2021-21538",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "security_alert@emc.com",
            "availabilityImpact": "LOW",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 6.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-21538",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "security_alert@emc.com",
            "id": "CVE-2021-21538",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202105-761",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-379942",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-21538",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-379942"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21538"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21538"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21538"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-761"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the virtual console. DELL Dell EMC iDRAC9 is a set of system management solutions including hardware and software from Dell (DELL). This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-21538"
      },
      {
        "db": "VULHUB",
        "id": "VHN-379942"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21538"
      }
    ],
    "trust": 1.08
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-21538",
        "trust": 1.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-761",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-379942",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21538",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-379942"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21538"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21538"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-761"
      }
    ]
  },
  "id": "VAR-202107-0499",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-379942"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:32:35.330000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Dell iDRAC9 Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=150265"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-761"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-379942"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21538"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://www.dell.com/support/kbdoc/000186420"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/check-point-quantum-smart-1-privilege-escalation-via-idrac9-35401"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/287.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-379942"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21538"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21538"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-761"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-379942"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21538"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21538"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-761"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-07-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-379942"
      },
      {
        "date": "2021-07-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-21538"
      },
      {
        "date": "2021-07-29T16:15:08.693000",
        "db": "NVD",
        "id": "CVE-2021-21538"
      },
      {
        "date": "2021-05-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202105-761"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-08-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-379942"
      },
      {
        "date": "2021-08-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-21538"
      },
      {
        "date": "2021-08-06T16:31:00.097000",
        "db": "NVD",
        "id": "CVE-2021-21538"
      },
      {
        "date": "2021-08-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202105-761"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-761"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "DELL Dell EMC iDRAC9 Authorization problem vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-761"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-761"
      }
    ],
    "trust": 0.6
  }
}

VAR-201807-1253

Vulnerability from variot - Updated: 2023-12-18 13:28

Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. A remote authenticated malicious iDRAC user with configuration privileges could potentially exploit this vulnerability to execute arbitrary commands on the iDRAC where SNMP alerting is enabled. Dell EMC iDRAC7, iDRAC8, and iDRAC9 contain a command injection vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). Multiple Dell EMC products are prone to a remote command-injection vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems.

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201807-1253",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "idrac7",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "dell",
        "version": "2.60.60.60"
      },
      {
        "model": "idrac8",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "dell",
        "version": "2.60.60.60"
      },
      {
        "model": "idrac9",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "dell",
        "version": "3.21.21.21"
      },
      {
        "model": "idrac7",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "dell",
        "version": "1.10.10"
      },
      {
        "model": "idrac7",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "dell",
        "version": "1.23.23"
      },
      {
        "model": "idrac7",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "dell",
        "version": "1.00.00"
      },
      {
        "model": "idrac7",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "dell",
        "version": "1.40.40"
      },
      {
        "model": "idrac7",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "dell",
        "version": "1.06.06"
      },
      {
        "model": "idrac7",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "dell",
        "version": "1.20.20"
      },
      {
        "model": "idrac7",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "dell",
        "version": "1.37.35"
      },
      {
        "model": "emc idrac9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.0"
      },
      {
        "model": "emc idrac8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "2.52.52.52"
      },
      {
        "model": "emc idrac7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "2.52.52.52"
      },
      {
        "model": "emc idrac9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.21.21.21"
      },
      {
        "model": "emc idrac8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "dell",
        "version": "2.60.60.60"
      },
      {
        "model": "emc idrac7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "dell",
        "version": "2.60.60.60"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "104964"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007908"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1244"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-057"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:dell:idrac9_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.21.21.21",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:dell:idrac7_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.60.60.60",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:dell:idrac8_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.60.60.60",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-1244"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported these issues.",
    "sources": [
      {
        "db": "BID",
        "id": "104964"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-1244",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-1244",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-122399",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-1244",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-1244",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "security_alert@emc.com",
            "id": "CVE-2018-1244",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201807-057",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-122399",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-1244",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122399"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1244"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007908"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1244"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1244"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-057"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. A remote authenticated malicious iDRAC user with configuration privileges could potentially exploit this vulnerability to execute arbitrary commands on the iDRAC where SNMP alerting is enabled. Dell EMC iDRAC7 , iDRAC8 ,and iDRAC9 Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Multiple Dell EMC Products are prone to remote command-injection vulnerability. \nSuccessfully exploiting this issue may allow an attacker to execute  arbitrary code in the context of the affected application. Failed  exploit attempts will result in a denial-of-service condition. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-1244"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007908"
      },
      {
        "db": "BID",
        "id": "104964"
      },
      {
        "db": "VULHUB",
        "id": "VHN-122399"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1244"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "104964",
        "trust": 2.9
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1244",
        "trust": 2.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007908",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-057",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-122399",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1244",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122399"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1244"
      },
      {
        "db": "BID",
        "id": "104964"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007908"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1244"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-057"
      }
    ]
  },
  "id": "VAR-201807-1253",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122399"
      }
    ],
    "trust": 0.6769231
  },
  "last_update_date": "2023-12-18T13:28:50.206000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "iDRAC9 Home",
        "trust": 0.8,
        "url": "https://www.dell.com/support/article/jp/ja/jpdhs1/sln311300/idrac9-home?lang=ja"
      },
      {
        "title": "Dell EMC iDRAC7 , iDRAC8  and iDRAC9 Fixes for command injection vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=81663"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/chnzzh/idrac-cve-lib "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2018-1244"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007908"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-057"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-77",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122399"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007908"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1244"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.7,
        "url": "http://www.securityfocus.com/bid/104964"
      },
      {
        "trust": 2.1,
        "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1244"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1244"
      },
      {
        "trust": 0.3,
        "url": "http://www.emc.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/77.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/chnzzh/idrac-cve-lib"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122399"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1244"
      },
      {
        "db": "BID",
        "id": "104964"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007908"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1244"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-057"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-122399"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1244"
      },
      {
        "db": "BID",
        "id": "104964"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007908"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1244"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-057"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-07-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-122399"
      },
      {
        "date": "2018-07-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-1244"
      },
      {
        "date": "2018-08-06T00:00:00",
        "db": "BID",
        "id": "104964"
      },
      {
        "date": "2018-10-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-007908"
      },
      {
        "date": "2018-07-02T17:29:00.380000",
        "db": "NVD",
        "id": "CVE-2018-1244"
      },
      {
        "date": "2018-07-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201807-057"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-122399"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-1244"
      },
      {
        "date": "2018-08-06T00:00:00",
        "db": "BID",
        "id": "104964"
      },
      {
        "date": "2018-10-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-007908"
      },
      {
        "date": "2019-10-09T23:38:16.587000",
        "db": "NVD",
        "id": "CVE-2018-1244"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201807-057"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-057"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Dell iDRAC Command injection vulnerability in the product",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007908"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "command injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-057"
      }
    ],
    "trust": 0.6
  }
}

VAR-202104-0683

Vulnerability from variot - Updated: 2023-12-18 13:27

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected parameters. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. Dell EMC iDRAC9 is a system management solution from Dell that includes hardware and software. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202104-0683",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "idrac9",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dell",
        "version": "4.40.00.00"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-21543"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:dell:idrac9_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.40.00.00",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-21543"
      }
    ]
  },
  "cve": "CVE-2021-21543",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "VHN-379947",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "CVE-2021-21543",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "LOW",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 1.7,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "trust": 2.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-21543",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "security_alert@emc.com",
            "id": "CVE-2021-21543",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-2305",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-379947",
            "trust": 0.1,
            "value": "LOW"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-21543",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-379947"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21543"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21543"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21543"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2305"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected parameters. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. DELL Dell EMC iDRAC9 is a set of system management solutions including hardware and software from Dell (DELL). This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-21543"
      },
      {
        "db": "VULHUB",
        "id": "VHN-379947"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21543"
      }
    ],
    "trust": 1.08
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-21543",
        "trust": 1.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2305",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-379947",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21543",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-379947"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21543"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21543"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2305"
      }
    ]
  },
  "id": "VAR-202104-0683",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-379947"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:27:44.231000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Dell EMC iDRAC9 Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=149951"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2305"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-379947"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21543"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://www.dell.com/support/kbdoc/000185293"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21543"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/79.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-379947"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21543"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21543"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2305"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-379947"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21543"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21543"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2305"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-04-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-379947"
      },
      {
        "date": "2021-04-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-21543"
      },
      {
        "date": "2021-04-30T21:15:08.860000",
        "db": "NVD",
        "id": "CVE-2021-21543"
      },
      {
        "date": "2021-04-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-2305"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-05-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-379947"
      },
      {
        "date": "2021-05-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-21543"
      },
      {
        "date": "2021-05-10T17:49:02.367000",
        "db": "NVD",
        "id": "CVE-2021-21543"
      },
      {
        "date": "2021-05-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-2305"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2305"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell EMC iDRAC9 Cross-site scripting vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2305"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2305"
      }
    ],
    "trust": 0.6
  }
}

VAR-201812-0038

Vulnerability from variot - Updated: 2023-12-18 13:23

Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the Redfish interface to gain administrator access. Dell EMC iDRAC7, iDRAC8 and iDRAC9 contain vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Dell EMC iDRAC is prone to the following security vulnerabilities: 1. A privilege-escalation vulnerability 2. Dell EMC iDRAC7, iDRAC8 and iDRAC9 are all system management solutions from Dell that include hardware and software. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0038",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "idrac7",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "dell",
        "version": "2.61.60.60"
      },
      {
        "model": "idrac8",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "dell",
        "version": "2.61.60.60"
      },
      {
        "model": "idrac9",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "dell",
        "version": "3.20.21.20"
      },
      {
        "model": "idrac9",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "dell",
        "version": "3.21.24.22"
      },
      {
        "model": "idrac9",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "dell",
        "version": "3.21.21.21"
      },
      {
        "model": "idrac9",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "dell",
        "version": "3.21.26.22"
      },
      {
        "model": "idrac9",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "dell",
        "version": "3.23.23.23"
      },
      {
        "model": "idrac9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.20.20.20"
      },
      {
        "model": "idrac9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.19.19.19"
      },
      {
        "model": "idrac9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.18.18.18"
      },
      {
        "model": "idrac9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.17.20.17"
      },
      {
        "model": "idrac9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.17.18.17"
      },
      {
        "model": "idrac9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.17.17.17"
      },
      {
        "model": "idrac9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.16.16.16"
      },
      {
        "model": "idrac9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.15.19.15"
      },
      {
        "model": "idrac9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.15.17.15"
      },
      {
        "model": "idrac9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.15.15.15"
      },
      {
        "model": "idrac9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.11.11.11"
      },
      {
        "model": "idrac9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.00.00.00"
      },
      {
        "model": "idrac8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "0"
      },
      {
        "model": "idrac7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "0"
      },
      {
        "model": "idrac6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "0"
      },
      {
        "model": "idrac9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.23.23.23"
      },
      {
        "model": "idrac9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.21.26.22"
      },
      {
        "model": "idrac9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.21.24.22"
      },
      {
        "model": "idrac9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.20.21.20"
      },
      {
        "model": "idrac8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "dell",
        "version": "2.61.60.60"
      },
      {
        "model": "idrac7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "dell",
        "version": "2.61.60.60"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "106233"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014040"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-15774"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:dell:idrac8_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.61.60.60",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:dell:idrac9_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.21.24.22",
                "versionStartIncluding": "3.21.21.21",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:dell:idrac7_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.61.60.60",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:dell:idrac9_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.20.21.20",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-15774"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jon Sands and Adam Nielsen",
    "sources": [
      {
        "db": "BID",
        "id": "106233"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-15774",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-15774",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-126067",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-126069",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "security_alert@emc.com",
            "availabilityImpact": "NONE",
            "baseScore": 3.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 1.2,
            "impactScore": 2.5,
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-15774",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-15774",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "security_alert@emc.com",
            "id": "CVE-2018-15774",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201812-674",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-126067",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-126069",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-15774",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126067"
      },
      {
        "db": "VULHUB",
        "id": "VHN-126069"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-15774"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014040"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-15774"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-15774"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-674"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the Redfish interface to gain administrator access. Dell EMC iDRAC7 , iDRAC8 , iDRAC9 Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Dell EMC iDRAC is prone to the following security vulnerabilities:\n1. A privilege-escalation vulnerability\n2. Dell EMC iDRAC7, iDRAC8 and iDRAC9 are all system management solutions of Dell (Dell) including hardware and software. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-15774"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014040"
      },
      {
        "db": "BID",
        "id": "106233"
      },
      {
        "db": "VULHUB",
        "id": "VHN-126067"
      },
      {
        "db": "VULHUB",
        "id": "VHN-126069"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-15774"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-15774",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "106233",
        "trust": 3.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014040",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-674",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-15727",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-126067",
        "trust": 0.1
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-673",
        "trust": 0.1
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-15728",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-126069",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-15774",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126067"
      },
      {
        "db": "VULHUB",
        "id": "VHN-126069"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-15774"
      },
      {
        "db": "BID",
        "id": "106233"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014040"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-15774"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-674"
      }
    ]
  },
  "id": "VAR-201812-0038",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126067"
      },
      {
        "db": "VULHUB",
        "id": "VHN-126069"
      }
    ],
    "trust": 0.02
  },
  "last_update_date": "2023-12-18T13:23:54.777000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Dell EMC iDRAC \u306e\u8907\u6570\u306e\u8106\u5f31\u6027 (cve-2018-15774 \u304a\u3088\u3073 cve-2018-15776)",
        "trust": 0.8,
        "url": "https://www.dell.com/support/article/jp/ja/jpdhs1/sln315190/dell-emc-idrac-\u306e\u8907\u6570\u306e\u8106\u5f31\u6027-cve-2018-15774-\u304a\u3088\u3073-cve-2018-15776?lang=ja"
      },
      {
        "title": "Dell EMC iDRAC Multiple Vulnerabilities (CVE-2018-15774 and CVE-2018-15776)",
        "trust": 0.8,
        "url": "https://www.dell.com/support/article/jp/ja/jpdhs1/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776?lang=en"
      },
      {
        "title": "Dell EMC iDRAC7 , iDRAC8  and iDRAC9 Fixes for permission permissions and access control vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=87909"
      },
      {
        "title": "reverse-engineering-dell-idrac-to-get-rid-of-gpu-throttling",
        "trust": 0.1,
        "url": "https://github.com/l4rz/reverse-engineering-dell-idrac-to-get-rid-of-gpu-throttling "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/chnzzh/idrac-cve-lib "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2018-15774"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014040"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-674"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-863",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.9
      },
      {
        "problemtype": "CWE-388",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126067"
      },
      {
        "db": "VULHUB",
        "id": "VHN-126069"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014040"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-15774"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "http://www.securityfocus.com/bid/106233"
      },
      {
        "trust": 2.2,
        "url": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15774"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15774"
      },
      {
        "trust": 0.3,
        "url": "https://www.dellemc.com/en-us/index.htm"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/863.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/l4rz/reverse-engineering-dell-idrac-to-get-rid-of-gpu-throttling"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126067"
      },
      {
        "db": "VULHUB",
        "id": "VHN-126069"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-15774"
      },
      {
        "db": "BID",
        "id": "106233"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014040"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-15774"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-674"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-126067"
      },
      {
        "db": "VULHUB",
        "id": "VHN-126069"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-15774"
      },
      {
        "db": "BID",
        "id": "106233"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014040"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-15774"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-674"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-126067"
      },
      {
        "date": "2018-12-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-126069"
      },
      {
        "date": "2018-12-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-15774"
      },
      {
        "date": "2018-12-13T00:00:00",
        "db": "BID",
        "id": "106233"
      },
      {
        "date": "2019-03-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-014040"
      },
      {
        "date": "2018-12-13T22:29:00.327000",
        "db": "NVD",
        "id": "CVE-2018-15774"
      },
      {
        "date": "2018-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-674"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-126067"
      },
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-126069"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-15774"
      },
      {
        "date": "2018-12-13T00:00:00",
        "db": "BID",
        "id": "106233"
      },
      {
        "date": "2019-03-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-014040"
      },
      {
        "date": "2019-10-09T23:35:52.893000",
        "db": "NVD",
        "id": "CVE-2018-15774"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-674"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-674"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Dell iDRAC Vulnerabilities related to authorization, authority, and access control in products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014040"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-674"
      }
    ],
    "trust": 0.6
  }
}

VAR-201812-0039

Vulnerability from variot - Updated: 2023-12-18 13:23

Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to get access to the u-boot shell. Dell EMC iDRAC is prone to the following security vulnerabilities:

1. A privilege-escalation vulnerability
2. A local unauthorized-access vulnerability

An attacker can exploit this issue to run processes with elevated privileges, gain unauthorized access and execute arbitrary commands with user privileges in context of the affected application. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0039",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "idrac7",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "dell",
        "version": "2.61.60.60"
      },
      {
        "model": "idrac8",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "dell",
        "version": "2.61.60.60"
      },
      {
        "model": "idrac9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.20.20.20"
      },
      {
        "model": "idrac9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.19.19.19"
      },
      {
        "model": "idrac9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.18.18.18"
      },
      {
        "model": "idrac9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.17.20.17"
      },
      {
        "model": "idrac9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.17.18.17"
      },
      {
        "model": "idrac9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.17.17.17"
      },
      {
        "model": "idrac9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.16.16.16"
      },
      {
        "model": "idrac9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.15.19.15"
      },
      {
        "model": "idrac9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.15.17.15"
      },
      {
        "model": "idrac9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.15.15.15"
      },
      {
        "model": "idrac9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.11.11.11"
      },
      {
        "model": "idrac9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.00.00.00"
      },
      {
        "model": "idrac8",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "0"
      },
      {
        "model": "idrac7",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "0"
      },
      {
        "model": "idrac6",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "0"
      },
      {
        "model": "idrac9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.23.23.23"
      },
      {
        "model": "idrac9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.21.26.22"
      },
      {
        "model": "idrac9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.21.24.22"
      },
      {
        "model": "idrac9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.20.21.20"
      },
      {
        "model": "idrac8",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "dell",
        "version": "2.61.60.60"
      },
      {
        "model": "idrac7",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "dell",
        "version": "2.61.60.60"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "106233"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014039"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-15776"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:dell:idrac7_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.61.60.60",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:dell:idrac8_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.61.60.60",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-15776"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jon Sands and Adam Nielsen",
    "sources": [
      {
        "db": "BID",
        "id": "106233"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-15776",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.6,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-15776",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-126069",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "author": "security_alert@emc.com",
            "availabilityImpact": "HIGH",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.5,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Physical",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.8,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-15776",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-15776",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "security_alert@emc.com",
            "id": "CVE-2018-15776",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201812-673",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-126069",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-15776",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126069"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-15776"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014039"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-15776"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-15776"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-673"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to get access to the u-boot shell. Dell EMC iDRAC is prone to the following security vulnerabilities:\n1. A privilege-escalation vulnerability\n2. A local unauthorized-access vulnerability\nAn attacker can exploit this issue to run processes with elevated privileges, gain unauthorized access and execute arbitrary commands with user privileges in context of the affected application. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-15776"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014039"
      },
      {
        "db": "BID",
        "id": "106233"
      },
      {
        "db": "VULHUB",
        "id": "VHN-126069"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-15776"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "106233",
        "trust": 2.9
      },
      {
        "db": "NVD",
        "id": "CVE-2018-15776",
        "trust": 2.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014039",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-673",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2020-15728",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-126069",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-15776",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126069"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-15776"
      },
      {
        "db": "BID",
        "id": "106233"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014039"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-15776"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-673"
      }
    ]
  },
  "id": "VAR-201812-0039",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126069"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:23:51.518000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Dell EMC iDRAC \u306e\u8907\u6570\u306e\u8106\u5f31\u6027 (cve-2018-15774 \u304a\u3088\u3073 cve-2018-15776)",
        "trust": 0.8,
        "url": "https://www.dell.com/support/article/jp/ja/jpdhs1/sln315190/dell-emc-idrac-\u306e\u8907\u6570\u306e\u8106\u5f31\u6027-cve-2018-15774-\u304a\u3088\u3073-cve-2018-15776?lang=ja"
      },
      {
        "title": "Dell EMC iDRAC7  and iDRAC8 Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=87908"
      },
      {
        "title": "reverse-engineering-dell-idrac-to-get-rid-of-gpu-throttling",
        "trust": 0.1,
        "url": "https://github.com/l4rz/reverse-engineering-dell-idrac-to-get-rid-of-gpu-throttling "
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/chnzzh/idrac-cve-lib "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2018-15776"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014039"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-673"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-388",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126069"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014039"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-15776"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.7,
        "url": "http://www.securityfocus.com/bid/106233"
      },
      {
        "trust": 2.1,
        "url": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15776"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-15776"
      },
      {
        "trust": 0.3,
        "url": "https://www.dellemc.com/en-us/index.htm"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/l4rz/reverse-engineering-dell-idrac-to-get-rid-of-gpu-throttling"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-126069"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-15776"
      },
      {
        "db": "BID",
        "id": "106233"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014039"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-15776"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-673"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-126069"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-15776"
      },
      {
        "db": "BID",
        "id": "106233"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014039"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-15776"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-673"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-126069"
      },
      {
        "date": "2018-12-13T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-15776"
      },
      {
        "date": "2018-12-13T00:00:00",
        "db": "BID",
        "id": "106233"
      },
      {
        "date": "2019-03-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-014039"
      },
      {
        "date": "2018-12-13T22:29:00.377000",
        "db": "NVD",
        "id": "CVE-2018-15776"
      },
      {
        "date": "2018-12-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-673"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-126069"
      },
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-15776"
      },
      {
        "date": "2018-12-13T00:00:00",
        "db": "BID",
        "id": "106233"
      },
      {
        "date": "2019-03-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-014039"
      },
      {
        "date": "2020-08-24T17:37:01.140000",
        "db": "NVD",
        "id": "CVE-2018-15776"
      },
      {
        "date": "2020-10-22T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-673"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-673"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell EMC iDRAC7 and  iDRAC8 Error handling vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-014039"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-673"
      }
    ],
    "trust": 0.6
  }
}

VAR-202104-0680

Vulnerability from variot - Updated: 2023-12-18 13:22

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a stack-based overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to overwrite configuration information by injecting an arbitrarily large payload. Dell EMC iDRAC9 is a set of system management solutions including hardware and software from Dell. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202104-0680",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "idrac9",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dell",
        "version": "4.40.00.00"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-21540"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:dell:idrac9_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.40.00.00",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-21540"
      }
    ]
  },
  "cve": "CVE-2021-21540",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "VHN-379944",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2021-21540",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "security_alert@emc.com",
            "availabilityImpact": "LOW",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 1.6,
            "impactScore": 4.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-21540",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "security_alert@emc.com",
            "id": "CVE-2021-21540",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-2279",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-379944",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-21540",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-379944"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21540"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21540"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21540"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2279"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a stack-based overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to overwrite configuration information by injecting arbitrarily large payload. DELL Dell EMC iDRAC9 is a set of system management solutions including hardware and software from Dell (DELL). This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-21540"
      },
      {
        "db": "VULHUB",
        "id": "VHN-379944"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21540"
      }
    ],
    "trust": 1.08
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-21540",
        "trust": 1.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2279",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-379944",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21540",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-379944"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21540"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21540"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2279"
      }
    ]
  },
  "id": "VAR-202104-0680",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-379944"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:22:56.810000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Dell EMC iDRAC9 Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=149944"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/chnzzh/idrac-cve-lib "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-21540"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2279"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-379944"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21540"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://www.dell.com/support/kbdoc/000185293"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21540"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/787.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/chnzzh/idrac-cve-lib"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-379944"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21540"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21540"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2279"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-379944"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21540"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21540"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2279"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-04-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-379944"
      },
      {
        "date": "2021-04-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-21540"
      },
      {
        "date": "2021-04-30T21:15:08.740000",
        "db": "NVD",
        "id": "CVE-2021-21540"
      },
      {
        "date": "2021-04-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-2279"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-10-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-379944"
      },
      {
        "date": "2022-10-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-21540"
      },
      {
        "date": "2022-10-24T18:21:03.637000",
        "db": "NVD",
        "id": "CVE-2021-21540"
      },
      {
        "date": "2021-05-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-2279"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2279"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell EMC iDRAC9 Buffer error vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2279"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2279"
      }
    ],
    "trust": 0.6
  }
}

VAR-201807-1247

Vulnerability from variot - Updated: 2023-12-18 13:19

Dell EMC iDRAC9 versions prior to 3.21.21.21 did not enforce the use of TLS/SSL for a connection to the iDRAC web server for certain URLs. A man-in-the-middle attacker could use this vulnerability to strip the SSL/TLS protection from a connection between a client and a server. Dell EMC iDRAC9 contains vulnerabilities related to security features. Information may be obtained. Dell EMC iDRAC9 is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow attackers to bypass certain security restrictions by conducting a man-in-the-middle attack. This may lead to other attacks. Dell EMC iDRAC9 is a set of system management solutions including hardware and software from Dell. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201807-1247",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "idrac9",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "dell",
        "version": "3.21.21.21"
      },
      {
        "model": "emc idrac9",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.0"
      },
      {
        "model": "emc idrac9",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "dell",
        "version": "3.21.21.21"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "104965"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007909"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1249"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:dell:idrac9_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.21.21.21",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-1249"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "104965"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2018-1249",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-1249",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-122454",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "security_alert@emc.com",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 4.2,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-1249",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-1249",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "security_alert@emc.com",
            "id": "CVE-2018-1249",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201807-056",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-122454",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-1249",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122454"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1249"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007909"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1249"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1249"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-056"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell EMC iDRAC9 versions prior to 3.21.21.21 did not enforce the use of TLS/SSL for a connection to iDRAC web server for certain URLs. A man-in-the-middle attacker could use this vulnerability to strip the SSL/TLS protection from a connection between a client and a server. Dell EMC iDRAC9 Contains vulnerabilities related to security features. Information may be obtained. Dell EMC iDRAC9 is prone to security-bypass vulnerability. \nSuccessfully exploiting this issue may allow attackers to bypass certain security restrictions by conducting a man-in-the-middle attack. This may lead to other attacks. Dell EMC iDRAC9 is a set of system management solutions including hardware and software from Dell. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-1249"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007909"
      },
      {
        "db": "BID",
        "id": "104965"
      },
      {
        "db": "VULHUB",
        "id": "VHN-122454"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1249"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-1249",
        "trust": 2.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007909",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-056",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "104965",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-122454",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1249",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122454"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1249"
      },
      {
        "db": "BID",
        "id": "104965"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007909"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1249"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-056"
      }
    ]
  },
  "id": "VAR-201807-1247",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122454"
      }
    ],
    "trust": 0.6769231
  },
  "last_update_date": "2023-12-18T13:19:01.725000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "iDRAC9 Home",
        "trust": 0.8,
        "url": "https://www.dell.com/support/article/jp/ja/jpdhs1/sln311300/idrac9-home?lang=ja"
      },
      {
        "title": "Dell EMC iDRAC9 Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=81662"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/chnzzh/idrac-cve-lib "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2018-1249"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007909"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-056"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-254",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122454"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007909"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1249"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1249"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1249"
      },
      {
        "trust": 0.3,
        "url": "http://www.emc.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/chnzzh/idrac-cve-lib"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122454"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1249"
      },
      {
        "db": "BID",
        "id": "104965"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007909"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1249"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-056"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-122454"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1249"
      },
      {
        "db": "BID",
        "id": "104965"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007909"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1249"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-056"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-07-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-122454"
      },
      {
        "date": "2018-07-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-1249"
      },
      {
        "date": "2018-07-02T00:00:00",
        "db": "BID",
        "id": "104965"
      },
      {
        "date": "2018-10-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-007909"
      },
      {
        "date": "2018-07-02T17:29:00.427000",
        "db": "NVD",
        "id": "CVE-2018-1249"
      },
      {
        "date": "2018-07-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201807-056"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-122454"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-1249"
      },
      {
        "date": "2018-07-02T00:00:00",
        "db": "BID",
        "id": "104965"
      },
      {
        "date": "2018-10-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-007909"
      },
      {
        "date": "2019-10-09T23:38:17.037000",
        "db": "NVD",
        "id": "CVE-2018-1249"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201807-056"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-056"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell EMC iDRAC9 Vulnerabilities related to security functions",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007909"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-056"
      }
    ],
    "trust": 0.6
  }
}

VAR-202104-0681

Vulnerability from variot - Updated: 2023-12-18 13:07

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the DOM environment in the browser. The malicious code is then executed by the web browser in the context of the vulnerable web application. Dell EMC iDRAC9 is a set of system management solutions including hardware and software from Dell. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems.

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202104-0681",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "idrac9",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dell",
        "version": "4.40.00.00"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-21541"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:dell:idrac9_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.40.00.00",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-21541"
      }
    ]
  },
  "cve": "CVE-2021-21541",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-379945",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2021-21541",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 2.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-21541",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "security_alert@emc.com",
            "id": "CVE-2021-21541",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-2278",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-379945",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-21541",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-379945"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21541"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21541"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21541"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2278"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to DOM environment in the browser. The malicious code is then executed by the web browser in the context of the vulnerable web application. DELL Dell EMC iDRAC9 is a set of system management solutions including hardware and software from Dell (DELL). This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-21541"
      },
      {
        "db": "VULHUB",
        "id": "VHN-379945"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21541"
      }
    ],
    "trust": 1.08
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-21541",
        "trust": 1.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2278",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-379945",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21541",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-379945"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21541"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21541"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2278"
      }
    ]
  },
  "id": "VAR-202104-0681",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-379945"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:07:11.976000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Dell EMC iDRAC9 Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=149943"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2278"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-379945"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21541"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://www.dell.com/support/kbdoc/000185293"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21541"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/79.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-379945"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21541"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21541"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2278"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-379945"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21541"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21541"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2278"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-04-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-379945"
      },
      {
        "date": "2021-04-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-21541"
      },
      {
        "date": "2021-04-30T21:15:08.780000",
        "db": "NVD",
        "id": "CVE-2021-21541"
      },
      {
        "date": "2021-04-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-2278"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-05-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-379945"
      },
      {
        "date": "2021-05-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-21541"
      },
      {
        "date": "2021-05-10T17:06:02.647000",
        "db": "NVD",
        "id": "CVE-2021-21541"
      },
      {
        "date": "2021-05-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-2278"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2278"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell EMC iDRAC9 Cross-site scripting vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2278"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2278"
      }
    ],
    "trust": 0.6
  }
}

VAR-201911-0372

Vulnerability from variot - Updated: 2023-12-18 13:02

Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes. Dell EMC iDRAC8 and iDRAC9 contain an unauthorized authentication vulnerability. Information may be obtained. Dell EMC iDRAC9 and others are products of Dell. This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201911-0372",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "idrac8",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "dell",
        "version": "2.70.70.70"
      },
      {
        "model": "idrac9",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "dell",
        "version": "3.36.36.36"
      },
      {
        "model": "idrac7",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dell",
        "version": "2.65.65.65"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011827"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3764"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:dell:idrac7_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.65.65.65",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:dell:idrac8_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.70.70.70",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:dell:idrac9_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.36.36.36",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-3764"
      }
    ]
  },
  "cve": "CVE-2019-3764",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2019-3764",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-155199",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "security_alert@emc.com",
            "availabilityImpact": "LOW",
            "baseScore": 5.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 1.6,
            "impactScore": 3.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2019-3764",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-3764",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "security_alert@emc.com",
            "id": "CVE-2019-3764",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201911-419",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-155199",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-3764",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155199"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3764"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011827"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3764"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3764"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-419"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes. Dell EMC iDRAC8 and iDRAC9 Contains an unauthorized authentication vulnerability.Information may be obtained. Dell EMC iDRAC9 and others are products of Dell (Dell). This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-3764"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011827"
      },
      {
        "db": "VULHUB",
        "id": "VHN-155199"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3764"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-3764",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011827",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-419",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-155199",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3764",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155199"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3764"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011827"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3764"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-419"
      }
    ]
  },
  "id": "VAR-201911-0372",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155199"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:02:02.311000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DSA-2019-137",
        "trust": 0.8,
        "url": "https://www.dell.com/support/article/jp/ja/jpdhs1/sln319317/dsa-2019-137-idrac-improper-authorization-vulnerability?lang=en"
      },
      {
        "title": "Dell EMC iDRAC7 , iDRAC8  and iDRAC9 Remediation measures for authorization problem vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=108199"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/chnzzh/idrac-cve-lib "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-3764"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011827"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-419"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-863",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155199"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011827"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3764"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://www.dell.com/support/article/sln319317/dsa-2019-137-idrac-improper-authorization-vulnerability?lang=en"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3764"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3764"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/rsa-authentication-manager-vulnerability-via-idrac-31132"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110909"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155199"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3764"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011827"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3764"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-419"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-155199"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3764"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011827"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3764"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-419"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-11-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-155199"
      },
      {
        "date": "2019-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-3764"
      },
      {
        "date": "2019-11-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-011827"
      },
      {
        "date": "2019-11-07T18:15:12.167000",
        "db": "NVD",
        "id": "CVE-2019-3764"
      },
      {
        "date": "2019-11-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201911-419"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-10-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-155199"
      },
      {
        "date": "2020-10-16T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-3764"
      },
      {
        "date": "2019-11-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-011827"
      },
      {
        "date": "2020-10-16T13:28:55.067000",
        "db": "NVD",
        "id": "CVE-2019-3764"
      },
      {
        "date": "2020-10-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201911-419"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-419"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell EMC iDRAC8 and  iDRAC9 Vulnerable to unauthorized authentication",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-011827"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201911-419"
      }
    ],
    "trust": 0.6
  }
}

VAR-201904-0131

Vulnerability from variot - Updated: 2023-12-18 12:50

Dell EMC iDRAC9 versions prior to 3.24.24.24, 3.21.26.22, 3.22.22.22 and 3.21.25.22 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted data to the iDRAC web interface. Dell EMC iDRAC9 contains an authentication vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). RSA Archer GRC Platform is prone to multiple information disclosure vulnerabilities. Dell EMC iDRAC9 is a set of system management solutions including hardware and software from Dell. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems. Users' session information is logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks. The database connection password may get logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed password to use it in further attacks.

CVSSv3 Base Score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Recommendation: For CVE-2019-3705, the following RSA Archer releases contain a resolution for this vulnerability:
* RSA Archer version 6.5 P1 (6.5.0.1)
* RSA Archer version 6.5 P2 (6.5.0.2) [6.5 P2 contains the items fixed in 6.5 P1]
* RSA Archer version 6.4 SP1 P5 (6.4.1.5)

For CVE-2019-3706, the following RSA Archer releases contain a resolution for this vulnerability:
* RSA Archer version 6.5 P2 (6.5.0.2)
* RSA Archer version 6.4 SP1 P5 (6.4.1.5)

RSA recommends all customers upgrade at the earliest opportunity.

Severity Rating: For an explanation of Severity Ratings, refer to the Security Advisories Severity Rating (https://community.rsa.com/docs/DOC-47147) knowledge base article. RSA recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with a particular security vulnerability.

Legal Information: Read and use the information in this RSA Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this advisory, contact RSA Technical Support (https://community.rsa.com/docs/DOC-1294). RSA Security LLC and its affiliates, including without limitation, its ultimate parent company, Dell Technologies, distribute RSA Security Advisories in order to bring to the attention of users of the affected RSA products, important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. RSA disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall RSA, its affiliates or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA, its affiliates or its suppliers have been advised of the possibility of such damages. Some jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.

Dell Product Security Incident Response Team secure@dell.com


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201904-0131",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "idrac9",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "3.21.24.22"
      },
      {
        "model": "idrac9",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "3.20.21.20"
      },
      {
        "model": "idrac9",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "dell",
        "version": "3.23.23.23"
      },
      {
        "model": "idrac9",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "dell",
        "version": "3.21.25.22"
      },
      {
        "model": "idrac9",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "dell",
        "version": "3.21.26.22"
      },
      {
        "model": "idrac9",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "dell",
        "version": "3.22.22.22"
      },
      {
        "model": "idrac9",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "dell",
        "version": "3.24.24.24"
      },
      {
        "model": "rsa archer grc platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.5"
      },
      {
        "model": "rsa archer grc platform p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.5"
      },
      {
        "model": "rsa archer grc platform p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.5"
      },
      {
        "model": "rsa archer grc platform sp1 p5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.4"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "107209"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004143"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3706"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:dell:idrac9_firmware:3.20.21.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:dell:idrac9_firmware:3.23.23.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:dell:idrac9_firmware:3.21.24.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-3706"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.,Dell Product Security Incident Response Team",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-024"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-3706",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2019-3706",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-155141",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "security_alert@emc.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "impactScore": 4.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-3706",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-3706",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "security_alert@emc.com",
            "id": "CVE-2019-3706",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201903-024",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-155141",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-3706",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155141"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3706"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004143"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3706"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3706"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-024"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell EMC iDRAC9 versions prior to 3.24.24.24, 3.21.26.22, 3.22.22.22 and 3.21.25.22 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted data to the iDRAC web interface. Dell EMC iDRAC9 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. RSA Archer GRC Platform is prone to multiple information disclosure vulnerabilities. Dell EMC iDRAC9 is a set of system management solutions including hardware and software from Dell. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems. Users\u0027 session information is logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks. The database connection password may get logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed password to use it in further attacks. \n\nCVSSv3 Base Score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\nRecommendation:\nFor CVE-2019-3705, the following RSA Archer releases contain a resolution for this vulnerability:\n*             RSA Archer version 6.5 P1 (6.5.0.1)\n*             RSA Archer version 6.5 P2 (6.5.0.2) [6.5 P2 contains the items fixed in 6.5 P1]\n*             RSA Archer version 6.4 SP1 P5 (6.4.1.5)\n\nFor CVE-2019-3706, the following RSA Archer releases contain a resolution for this vulnerability:\n*             RSA Archer version 6.5 P2 (6.5.0.2)\n*             RSA Archer version 6.4 SP1 P5 (6.4.1.5)\n\n\nRSA recommends all customers upgrade at the earliest opportunity. 
\n\nSeverity Rating\nFor an explanation of Severity Ratings, refer to the Security Advisories Severity Rating (https://community.rsa.com/docs/DOC-47147) knowledge base article. RSA recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. \n\nLegal Information\nRead and use the information in this RSA Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this advisory, contact RSA Technical Support (https://community.rsa.com/docs/DOC-1294). RSA Security LLC and its affiliates, including without limitation, its ultimate parent company, Dell Technologies, distribute RSA Security Advisories in order to bring to the attention of users of the affected RSA products, important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided \"as is\" without warranty of any kind. RSA disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall RSA, its affiliates or its suppliers, be liable for any damages wha\n tsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA, its affiliates or its suppliers have been advised of the possibility of such damages. Some jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. 
\nDell Product Security Incident Response Team\nsecure@dell.com\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-3706"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004143"
      },
      {
        "db": "BID",
        "id": "107209"
      },
      {
        "db": "VULHUB",
        "id": "VHN-155141"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3706"
      },
      {
        "db": "PACKETSTORM",
        "id": "151935"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-3706",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "107209",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004143",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-024",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "151935",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-155141",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3706",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155141"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3706"
      },
      {
        "db": "BID",
        "id": "107209"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004143"
      },
      {
        "db": "PACKETSTORM",
        "id": "151935"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3706"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-024"
      }
    ]
  },
  "id": "VAR-201904-0131",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155141"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:50:23.701000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DSA-2019-028",
        "trust": 0.8,
        "url": "https://www.dell.com/support/article/jp/ja/jpdhs1/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en"
      },
      {
        "title": "Dell EMC RSA Archer Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=89718"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004143"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-024"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-287",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155141"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004143"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3706"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3706"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3706"
      },
      {
        "trust": 0.7,
        "url": "http://www.securityfocus.com/bid/107209"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/151935/rsa-archer-grc-platform-information-exposure.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.rsa.com/"
      },
      {
        "trust": 0.3,
        "url": "https://seclists.org/fulldisclosure/2019/mar/4"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://community.rsa.com/docs/doc-1294)."
      },
      {
        "trust": 0.1,
        "url": "https://community.rsa.com/docs/doc-47147)"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3705"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155141"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3706"
      },
      {
        "db": "BID",
        "id": "107209"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004143"
      },
      {
        "db": "PACKETSTORM",
        "id": "151935"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3706"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-024"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-155141"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3706"
      },
      {
        "db": "BID",
        "id": "107209"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004143"
      },
      {
        "db": "PACKETSTORM",
        "id": "151935"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3706"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-024"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-04-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-155141"
      },
      {
        "date": "2019-04-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-3706"
      },
      {
        "date": "2019-02-28T00:00:00",
        "db": "BID",
        "id": "107209"
      },
      {
        "date": "2019-05-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-004143"
      },
      {
        "date": "2019-03-03T16:00:16",
        "db": "PACKETSTORM",
        "id": "151935"
      },
      {
        "date": "2019-04-26T19:29:00.587000",
        "db": "NVD",
        "id": "CVE-2019-3706"
      },
      {
        "date": "2019-03-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201903-024"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-155141"
      },
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-3706"
      },
      {
        "date": "2019-02-28T00:00:00",
        "db": "BID",
        "id": "107209"
      },
      {
        "date": "2019-05-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-004143"
      },
      {
        "date": "2020-08-24T17:37:01.140000",
        "db": "NVD",
        "id": "CVE-2019-3706"
      },
      {
        "date": "2020-08-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201903-024"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-024"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell EMC iDRAC9 Authentication vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004143"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-024"
      }
    ],
    "trust": 0.6
  }
}

VAR-201904-0130

Vulnerability from variot - Updated: 2023-12-18 12:50

Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the system with privileges of the webserver by sending specially crafted input data to the affected system. Multiple Dell EMC iDRAC products contain a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). RSA Archer GRC Platform is prone to multiple information disclosure vulnerabilities. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Dell EMC iDRAC9 and others are products of Dell. Dell EMC iDRAC9 is a system management solution that includes hardware and software. Dell EMC iDRAC6 is a system management solution that includes hardware and software. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems. Dell EMC iDRAC7 is a system management solution that includes hardware and software. A buffer error vulnerability exists in several Dell products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. Users' session information is logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks. The database connection password may get logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed password to use it in further attacks.

CVSSv3 Base Score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Recommendation:
For CVE-2019-3705, the following RSA Archer releases contain a resolution for this vulnerability:
* RSA Archer version 6.5 P1 (6.5.0.1)
* RSA Archer version 6.5 P2 (6.5.0.2) [6.5 P2 contains the items fixed in 6.5 P1]
* RSA Archer version 6.4 SP1 P5 (6.4.1.5)

For CVE-2019-3706, the following RSA Archer releases contain a resolution for this vulnerability:
* RSA Archer version 6.5 P2 (6.5.0.2)
* RSA Archer version 6.4 SP1 P5 (6.4.1.5)

RSA recommends all customers upgrade at the earliest opportunity.

Severity Rating
For an explanation of Severity Ratings, refer to the Security Advisories Severity Rating (https://community.rsa.com/docs/DOC-47147) knowledge base article. RSA recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.

Legal Information
Read and use the information in this RSA Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this advisory, contact RSA Technical Support (https://community.rsa.com/docs/DOC-1294). RSA Security LLC and its affiliates, including without limitation, its ultimate parent company, Dell Technologies, distribute RSA Security Advisories in order to bring to the attention of users of the affected RSA products, important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. RSA disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall RSA, its affiliates or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA, its affiliates or its suppliers have been advised of the possibility of such damages. Some jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.

Dell Product Security Incident Response Team
secure@dell.com


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201904-0130",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "idrac6",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "dell",
        "version": "2.92"
      },
      {
        "model": "idrac7",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "dell",
        "version": "2.61.60.60"
      },
      {
        "model": "idrac8",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "dell",
        "version": "2.61.60.60"
      },
      {
        "model": "idrac9",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "dell",
        "version": "3.20.21.20"
      },
      {
        "model": "idrac9",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "dell",
        "version": "3.21.24.22"
      },
      {
        "model": "idrac9",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "dell",
        "version": "3.21.26.22"
      },
      {
        "model": "idrac9",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "dell",
        "version": "3.23.23.23"
      },
      {
        "model": "rsa archer grc platform",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.5"
      },
      {
        "model": "rsa archer grc platform p2",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.5"
      },
      {
        "model": "rsa archer grc platform p1",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.5"
      },
      {
        "model": "rsa archer grc platform sp1 p5",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "emc",
        "version": "6.4"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "107209"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004144"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3705"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:dell:idrac6_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.92",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:dell:idrac7_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.61.60.60",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:dell:idrac8_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.61.60.60",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:dell:idrac9_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.20.21.20",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-3705"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.,Dell Product Security Incident Response Team",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-026"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-3705",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2019-3705",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-155140",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "security_alert@emc.com",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-3705",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-3705",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "security_alert@emc.com",
            "id": "CVE-2019-3705",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201903-026",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-155140",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-3705",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155140"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3705"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004144"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3705"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3705"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-026"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the system with privileges of the webserver by sending specially crafted input data to the affected system. plural Dell EMC iDRAC The product contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. RSA Archer GRC Platform is prone to multiple information disclosure vulnerabilities. \nAn attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Dell EMC iDRAC9 and others are products of Dell (Dell). Dell EMC iDRAC9 is a system management solution that includes hardware and software. Dell EMC iDRAC6 is a system management solution that includes hardware and software. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems. Dell EMC iDRAC7 is a system management solution that includes hardware and software. A buffer error vulnerability exists in several Dell products. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. Attackers can exploit this vulnerability to cause buffer overflow or heap overflow, etc. Users\u0027 session information is logged in plain text in the RSA Archer log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks. The database connection password may get logged in plain text in the RSA Archer log files. 
An authenticated malicious local user with access to the log files may obtain the exposed password to use it in further attacks. \n\nCVSSv3 Base Score: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\nRecommendation:\nFor CVE-2019-3705, the following RSA Archer releases contain a resolution for this vulnerability:\n*             RSA Archer version 6.5 P1 (6.5.0.1)\n*             RSA Archer version 6.5 P2 (6.5.0.2) [6.5 P2 contains the items fixed in 6.5 P1]\n*             RSA Archer version 6.4 SP1 P5 (6.4.1.5)\n\nFor CVE-2019-3706, the following RSA Archer releases contain a resolution for this vulnerability:\n*             RSA Archer version 6.5 P2 (6.5.0.2)\n*             RSA Archer version 6.4 SP1 P5 (6.4.1.5)\n\n\nRSA recommends all customers upgrade at the earliest opportunity. \n\nSeverity Rating\nFor an explanation of Severity Ratings, refer to the Security Advisories Severity Rating (https://community.rsa.com/docs/DOC-47147) knowledge base article. RSA recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. \n\nLegal Information\nRead and use the information in this RSA Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this advisory, contact RSA Technical Support (https://community.rsa.com/docs/DOC-1294). RSA Security LLC and its affiliates, including without limitation, its ultimate parent company, Dell Technologies, distribute RSA Security Advisories in order to bring to the attention of users of the affected RSA products, important security information. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided \"as is\" without warranty of any kind. 
RSA disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall RSA, its affiliates or its suppliers, be liable for any damages wha\n tsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA, its affiliates or its suppliers have been advised of the possibility of such damages. Some jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply. \nDell Product Security Incident Response Team\nsecure@dell.com\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-3705"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004144"
      },
      {
        "db": "BID",
        "id": "107209"
      },
      {
        "db": "VULHUB",
        "id": "VHN-155140"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3705"
      },
      {
        "db": "PACKETSTORM",
        "id": "151935"
      }
    ],
    "trust": 2.16
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-155140",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155140"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-3705",
        "trust": 3.0
      },
      {
        "db": "BID",
        "id": "107209",
        "trust": 1.0
      },
      {
        "db": "PACKETSTORM",
        "id": "151935",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004144",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-026",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-155140",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3705",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155140"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3705"
      },
      {
        "db": "BID",
        "id": "107209"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004144"
      },
      {
        "db": "PACKETSTORM",
        "id": "151935"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3705"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-026"
      }
    ]
  },
  "id": "VAR-201904-0130",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155140"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:50:23.747000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DSA-2019-028",
        "trust": 0.8,
        "url": "https://www.dell.com/support/article/jp/ja/jpdhs1/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en"
      },
      {
        "title": "Dell EMC RSA Archer Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=89720"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004144"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-026"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-119",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155140"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004144"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3705"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3705"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3705"
      },
      {
        "trust": 0.7,
        "url": "http://www.securityfocus.com/bid/107209"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/151935/rsa-archer-grc-platform-information-exposure.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/dell-emc-idrac6-buffer-overflow-29660"
      },
      {
        "trust": 0.3,
        "url": "http://www.rsa.com/"
      },
      {
        "trust": 0.3,
        "url": "https://seclists.org/fulldisclosure/2019/mar/4"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/787.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3706"
      },
      {
        "trust": 0.1,
        "url": "https://community.rsa.com/docs/doc-1294)."
      },
      {
        "trust": 0.1,
        "url": "https://community.rsa.com/docs/doc-47147)"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-155140"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3705"
      },
      {
        "db": "BID",
        "id": "107209"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004144"
      },
      {
        "db": "PACKETSTORM",
        "id": "151935"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3705"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-026"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-155140"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-3705"
      },
      {
        "db": "BID",
        "id": "107209"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004144"
      },
      {
        "db": "PACKETSTORM",
        "id": "151935"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-3705"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-026"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-04-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-155140"
      },
      {
        "date": "2019-04-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-3705"
      },
      {
        "date": "2019-02-28T00:00:00",
        "db": "BID",
        "id": "107209"
      },
      {
        "date": "2019-05-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-004144"
      },
      {
        "date": "2019-03-03T16:00:16",
        "db": "PACKETSTORM",
        "id": "151935"
      },
      {
        "date": "2019-04-26T19:29:00.527000",
        "db": "NVD",
        "id": "CVE-2019-3705"
      },
      {
        "date": "2019-03-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201903-026"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-10-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-155140"
      },
      {
        "date": "2020-10-16T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-3705"
      },
      {
        "date": "2019-02-28T00:00:00",
        "db": "BID",
        "id": "107209"
      },
      {
        "date": "2019-05-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-004144"
      },
      {
        "date": "2020-10-16T18:04:10.047000",
        "db": "NVD",
        "id": "CVE-2019-3705"
      },
      {
        "date": "2020-10-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201903-026"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-026"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Dell EMC iDRAC Product buffer error vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-004144"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201903-026"
      }
    ],
    "trust": 0.6
  }
}

VAR-202104-0682

Vulnerability from variot - Updated: 2023-12-18 12:35

Dell EMC iDRAC9 versions prior to 4.40.10.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected while generating a certificate. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. Dell EMC iDRAC9 is a set of system management solutions including hardware and software from Dell (DELL). This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202104-0682",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "idrac9",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dell",
        "version": "4.40.00.00"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-21542"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:dell:idrac9_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.40.00.00",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-21542"
      }
    ]
  },
  "cve": "CVE-2021-21542",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "VHN-379946",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.8,
            "id": "CVE-2021-21542",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "LOW",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 1.7,
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "trust": 2.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-21542",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "security_alert@emc.com",
            "id": "CVE-2021-21542",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-2306",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-379946",
            "trust": 0.1,
            "value": "LOW"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-21542",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-379946"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21542"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21542"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21542"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2306"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell EMC iDRAC9 versions prior to 4.40.10.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected while generating a certificate. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. DELL Dell EMC iDRAC9 is a set of system management solutions including hardware and software from Dell (DELL). This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-21542"
      },
      {
        "db": "VULHUB",
        "id": "VHN-379946"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21542"
      }
    ],
    "trust": 1.08
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-21542",
        "trust": 1.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2306",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-379946",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21542",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-379946"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21542"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21542"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2306"
      }
    ]
  },
  "id": "VAR-202104-0682",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-379946"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:35:06.892000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Dell EMC iDRAC9 Fixes for cross-site scripting vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=149952"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2306"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-379946"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21542"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://www.dell.com/support/kbdoc/000185293"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21542"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/79.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-379946"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21542"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21542"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2306"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-379946"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21542"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21542"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2306"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-04-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-379946"
      },
      {
        "date": "2021-04-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-21542"
      },
      {
        "date": "2021-04-30T21:15:08.820000",
        "db": "NVD",
        "id": "CVE-2021-21542"
      },
      {
        "date": "2021-04-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-2306"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-05-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-379946"
      },
      {
        "date": "2021-05-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-21542"
      },
      {
        "date": "2021-05-10T17:44:01.483000",
        "db": "NVD",
        "id": "CVE-2021-21542"
      },
      {
        "date": "2021-05-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-2306"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2306"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell EMC iDRAC9 Cross-site scripting vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2306"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2306"
      }
    ],
    "trust": 0.6
  }
}

VAR-202104-0679

Vulnerability from variot - Updated: 2023-12-18 12:26

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to gain elevated privileges when a user with higher privileges is simultaneously accessing iDRAC through the web interface. Dell EMC iDRAC9 is a set of system management solutions, including hardware and software, from Dell. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems.

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202104-0679",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "idrac9",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "dell",
        "version": "4.40.00.00"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-21539"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:dell:idrac9_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.40.00.00",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-21539"
      }
    ]
  },
  "cve": "CVE-2021-21539",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-379943",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:H/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2021-21539",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.2,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "security_alert@emc.com",
            "availabilityImpact": "LOW",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 1.2,
            "impactScore": 4.7,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:L",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-21539",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "security_alert@emc.com",
            "id": "CVE-2021-21539",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-2280",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-379943",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-21539",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-379943"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21539"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21539"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21539"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2280"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to gain elevated privileges when a user with higher privileges is simultaneously accessing iDRAC through the web interface. DELL Dell EMC iDRAC9 is a set of system management solutions including hardware and software from Dell (DELL). This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-21539"
      },
      {
        "db": "VULHUB",
        "id": "VHN-379943"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21539"
      }
    ],
    "trust": 1.08
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-21539",
        "trust": 1.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2280",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-379943",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21539",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-379943"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21539"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21539"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2280"
      }
    ]
  },
  "id": "VAR-202104-0679",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-379943"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:26:54.912000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Dell EMC iDRAC9 Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=149945"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2280"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-367",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-379943"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21539"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://www.dell.com/support/kbdoc/000185293"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-21539"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/367.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-379943"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21539"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21539"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2280"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-379943"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-21539"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-21539"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2280"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-04-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-379943"
      },
      {
        "date": "2021-04-30T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-21539"
      },
      {
        "date": "2021-04-30T21:15:08.707000",
        "db": "NVD",
        "id": "CVE-2021-21539"
      },
      {
        "date": "2021-04-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-2280"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-05-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-379943"
      },
      {
        "date": "2021-05-10T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-21539"
      },
      {
        "date": "2021-05-10T18:09:51.187000",
        "db": "NVD",
        "id": "CVE-2021-21539"
      },
      {
        "date": "2021-05-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-2280"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2280"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell EMC iDRAC9 Security hole",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2280"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-2280"
      }
    ],
    "trust": 0.6
  }
}