Authenticated remote code execution in iDRAC 6
Description
The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute arbitrary commands as root on the affected iDRAC system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A command injection vulnerability in Dell EMC iDRAC6 diagnostics console allows authenticated remote attackers to execute arbitrary commands as root.
Vulnerability
The web-based diagnostics console in Dell EMC iDRAC6 contains a command injection vulnerability. Affected versions: Monolithic versions prior to 2.91 and all Modular versions. The vulnerability exists in the diagnostics console, which is accessible to authenticated iDRAC users.
Exploitation
An attacker with valid iDRAC credentials can access the diagnostics console and inject arbitrary commands via crafted input. No additional privileges or user interaction beyond authentication are required.
Impact
Successful exploitation allows the attacker to execute arbitrary commands as root on the affected iDRAC system, leading to full compromise of the iDRAC and potential further attacks on the host server.
Mitigation
Dell EMC released iDRAC6 Monolithic version 2.91 to address this vulnerability. For Modular versions, no fix is available; users should restrict access to the diagnostics console and apply network segmentation to limit exposure.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (3)
- Range: unspecified
- Range: unspecified
Patches
No patches discovered yet.
References
- en.community.dell.com/techcenter/extras/m/white_papers/20487494 (mitre, x_refsource_CONFIRM)