Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-34435 | 1 Dell | 2 Idrac9, Idrac9 Firmware | 2023-01-26 | N/A | 4.9 MEDIUM |
Dell iDRAC9 version 6.00.02.00 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update. | |||||
CVE-2022-24422 | 1 Dell | 1 Idrac9 | 2022-06-07 | 10.0 HIGH | 9.8 CRITICAL |
Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console. | |||||
CVE-2020-26198 | 1 Dell | 2 Idrac9, Idrac9 Firmware | 2020-12-22 | 4.3 MEDIUM | 6.1 MEDIUM |
Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain a reflected cross-site scripting vulnerability in the iDRAC9 web application. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link. | |||||
CVE-2020-5366 | 1 Dell | 2 Idrac9, Idrac9 Firmware | 2020-07-15 | 4.0 MEDIUM | 6.5 MEDIUM |
Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability by manipulating input parameters to gain unauthorized read access to the arbitrary files. | |||||
CVE-2020-5344 | 1 Dell | 6 Idrac7, Idrac7 Firmware, Idrac8 and 3 more | 2020-04-03 | 10.0 HIGH | 9.8 CRITICAL |
Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data. |