Unrated severityNVD Advisory· Published Apr 26, 2019· Updated Sep 16, 2024

Buffer Overflow Vulnerability

CVE-2019-3705

Description

Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the system with privileges of the webserver by sending specially crafted input data to the affected system.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Stack-based buffer overflow in Dell EMC iDRAC6/7/8/9 allows unauthenticated remote attackers to crash webserver or execute arbitrary code via specially crafted input.

Vulnerability

A stack-based buffer overflow vulnerability exists in the web interface of Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23. An unauthenticated remote attacker can send specially crafted input data to the affected system, triggering the overflow.

Exploitation

An attacker with network access to the iDRAC web interface can exploit this vulnerability without any authentication. The attack complexity is high (CVSS: AC:H), but successful exploitation requires sending specially crafted input that triggers the buffer overflow, potentially leading to code execution.

Impact

Successful exploitation can cause a crash of the webserver or arbitrary code execution with the privileges of the webserver, typically root. This results in high impact to confidentiality, integrity, and availability (CVSSv3 base score 8.1).

Mitigation

Dell has released firmware updates to address this vulnerability: upgrade iDRAC6 to version 2.92, iDRAC7/iDRAC8 to version 2.61.60.60, and iDRAC9 to versions 3.20.21.20, 3.21.24.22, 3.21.26.22, or 3.23.23.23. As of the advisory date, no workarounds are available. Users should apply the updates promptly [1].

References

DSA-2019-028: Dell Technologies iDRAC Multiple Vulnerabilities

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Dell/iDRAC9llm-fuzzy
Range: <3.20.21.20, <3.21.24.22, <3.21.26.22, <3.23.23.23
Dell/Idrac7llm-fuzzy2 versions
<2.61.60.60+ 1 more
- (no CPE)range: <2.61.60.60
- (no CPE)range: 2.92
Dell/iDRAC8llm-fuzzy
Range: <2.61.60.60
Dell/iDRAC6llm-fuzzy
Range: <2.92

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilitiesmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000