ID CVE-2019-3764
Summary Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes.
References
Vulnerable Configurations
  • cpe:2.3:o:dell:idrac8_firmware:2.00.00.00:*:*:*:*:*:*:*
  • cpe:2.3:o:dell:idrac8_firmware:2.30.30.30:*:*:*:*:*:*:*
  • cpe:2.3:o:dell:idrac8_firmware:2.52.52.52:*:*:*:*:*:*:*
  • cpe:2.3:o:dell:idrac8_firmware:2.60.60.60:*:*:*:*:*:*:*
  • cpe:2.3:o:dell:idrac9_firmware:*:*:*:*:*:*:*:*
CVSS
Base: 4.0
Impact:
Exploitability:
CWE CWE-863
CAPEC
Access
Vector:
Complexity:
Authentication:
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
Last major update 07-11-2019 - 19:15
Published 07-11-2019 - 18:15
Last modified 16-01-2020 - 16:15