CVE-2020-5344
Description
Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70 and 4.00.00.00, respectively, contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stack-based buffer overflow in Dell EMC iDRAC7/8/9 prior to specific firmware versions allows unauthenticated remote attackers to crash or execute arbitrary code.
Vulnerability
Dell EMC iDRAC7, iDRAC8, and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, and 4.00.00.00 respectively contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker can exploit this by sending specially crafted input data [1].
Exploitation
An attacker requires network access to the iDRAC management interface. No authentication is needed. The attack complexity is high according to CVSS, but the vulnerability can be triggered by sending crafted input without user interaction [1].
Impact
Successful exploitation can cause a denial of service (crash of the affected process) or allow arbitrary code execution on the target system, potentially compromising the management network [1]. The CVSS v3.1 score is 7.0, with high availability impact and low confidentiality/integrity impact.
Mitigation
Dell EMC released fixed firmware versions: iDRAC9 4.00.00.00, iDRAC8 2.70.70.70, and iDRAC7 2.65.65.65. Users should upgrade at the earliest opportunity. The iDRAC should not be exposed to the internet [1].
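A firmware inventory check against the fixed versions listed above, as an added example that is not part of the CVE record or of Dell's tooling. The `(host, model, version)` row format, the hostnames and the sample versions are constructed for illustration.

```python
import re

# Fixed firmware versions stated on this page, keyed by iDRAC generation.
FIXED = {7: (2, 65, 65, 65), 8: (2, 70, 70, 70), 9: (4, 0, 0, 0)}

def parse_version(text):
    """Turn '4.00.00.00' into (4, 0, 0, 0); short versions are zero-padded."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable firmware version: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))

def classify(model, version):
    """Return 'vulnerable', 'fixed' or 'unknown' for one controller."""
    m = re.fullmatch(r"\s*idrac\s*(\d+)\s*", model, re.IGNORECASE)
    if not m or int(m.group(1)) not in FIXED:
        return "unknown"          # not a generation this CVE record lists
    try:
        current = parse_version(version)
    except ValueError:
        return "unknown"          # needs a manual look, never assume 'fixed'
    return "vulnerable" if current < FIXED[int(m.group(1))] else "fixed"

def triage(rows):
    """rows: iterable of (host, model, version). Returns {status: [hosts]}."""
    result = {"vulnerable": [], "fixed": [], "unknown": []}
    for host, model, version in rows:
        result[classify(model, version)].append(host)
    return result

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("bmc-01", "iDRAC9", "3.36.36.36"),
    ("bmc-02", "iDRAC9", "4.00.00.00"),
    ("bmc-03", "iDRAC8", "2.70.70.70"),
    ("bmc-04", "iDRAC8", "2.63.60.62"),
    ("bmc-05", "iDRAC7", "2.65.65.65"),
    ("bmc-06", "iDRAC 9", "4.10"),
    ("bmc-07", "iDRAC6", "2.92"),
    ("bmc-08", "iDRAC9", "n/a"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Versions are compared as integer tuples, so `4.00.00.00` and `4.0.0.0` are treated as equal, and anything that cannot be parsed lands in `unknown` rather than `fixed`.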
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (4)
- Range: unspecified
References (1)