Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Dell Subscribe
Filtered by product Idrac9
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-34435 1 Dell 2 Idrac9, Idrac9 Firmware 2023-01-26 N/A 4.9 MEDIUM
Dell iDRAC9 version 6.00.02.00 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update.
CVE-2022-24422 1 Dell 1 Idrac9 2022-06-07 10.0 HIGH 9.8 CRITICAL
Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console.
CVE-2020-26198 1 Dell 2 Idrac9, Idrac9 Firmware 2020-12-22 4.3 MEDIUM 6.1 MEDIUM
Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain a reflected cross-site scripting vulnerability in the iDRAC9 web application. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link.
CVE-2020-5366 1 Dell 2 Idrac9, Idrac9 Firmware 2020-07-15 4.0 MEDIUM 6.5 MEDIUM
Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability by manipulating input parameters to gain unauthorized read access to the arbitrary files.
CVE-2020-5344 1 Dell 6 Idrac7, Idrac7 Firmware, Idrac8 and 3 more 2020-04-03 10.0 HIGH 9.8 CRITICAL
Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data.