iDRAC9

CVEs (24)

CVE	Vendor / Product	Risk	CVSS	EPSS	Published	Description
CVE-2022-24422	Dell Integrated Remote Access Controller Firmware	0.01	—	0.16	May 26, 2022	Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console.
CVE-2022-34435	Dell Integrated Remote Access Controller Firmware	0.00	—	0.00	Jan 18, 2023	Dell iDRAC9 version 6.00.02.00 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform…
CVE-2021-36348	Dell Integrated Remote Access Controller Firmware	0.00	—	0.01	Jan 25, 2022	iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to…
CVE-2021-36347	Dell Integrated Remote Access Controller Firmware	0.00	—	0.04	Jan 25, 2022	iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges could potentially exploit this vulnerability to control process execution and gain access to the…
CVE-2021-36300	Dell Integrated Remote Access Controller Firmware	0.00	—	0.06	Nov 23, 2021	iDRAC9 versions prior to 5.00.00.00 contain an improper input validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability by sending a specially crafted malicious request to crash the webserver or cause information disclosure.
CVE-2021-36299	Dell Integrated Remote Access Controller Firmware	0.00	—	0.02	Nov 23, 2021	Dell iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.29.00 and 5.00.00.00 contain an SQL injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by…
CVE-2021-21581	Dell Integrated Remote Access Controller Firmware	0.00	—	0.00	Aug 3, 2021	Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link.
CVE-2021-21580	Dell Integrated Remote Access Controller Firmware	0.00	—	0.00	Aug 3, 2021	Dell EMC iDRAC8 versions prior to 2.80.80.80 & Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a Content spoofing / Text injection, where a malicious URL can inject text to present a customized message on the application that can phish users into believing that the message…
CVE-2021-21579	Dell Integrated Remote Access Controller Firmware	0.00	—	0.01	Aug 3, 2021	Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links.
CVE-2021-21578	Dell Integrated Remote Access Controller Firmware	0.00	—	0.01	Aug 3, 2021	Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links.
CVE-2021-21576	Dell Integrated Remote Access Controller Firmware	0.00	—	0.00	Aug 3, 2021	Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially…
CVE-2021-21538	Dell Integrated Remote Access Controller Firmware	0.00	—	0.02	Jul 29, 2021	Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the virtual console.
CVE-2021-21544	Dell Integrated Remote Access Controller Firmware	0.00	—	0.00	Apr 30, 2021	Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to manipulate the username field under the comment section and set the value to…
CVE-2021-21543	Dell Integrated Remote Access Controller Firmware	0.00	—	0.00	Apr 30, 2021	Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple…
CVE-2021-21539	Dell Integrated Remote Access Controller Firmware	0.00	—	0.00	Apr 30, 2021	Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to gain elevated privileges when a user with higher privileges is simultaneously…
CVE-2020-26198	Dell Integrated Remote Access Controller Firmware	0.00	—	0.00	Dec 16, 2020	Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain a reflected cross-site scripting vulnerability in the iDRAC9 web application. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by…
CVE-2020-5366	Dell Integrated Remote Access Controller Firmware	0.00	—	0.00	Jul 9, 2020	Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability by manipulating input parameters to gain unauthorized read access to the arbitrary files.
CVE-2020-5344	Dell Idrac7	0.00	—	0.04	Mar 31, 2020	Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by…
CVE-2019-3764	Dell Idrac7	0.00	—	0.00	Nov 7, 2019	Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability…
CVE-2019-3706	Dell Idrac7	0.00	—	0.02	Apr 26, 2019	Dell EMC iDRAC9 versions prior to 3.24.24.24, 3.21.26.22, 3.22.22.22 and 3.21.25.22 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted…

CVE-2022-24422May 26, 2022
Dell
Integrated Remote Access Controller Firmware
risk 0.01cvss —epss 0.16
Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console.
CVE-2022-34435Jan 18, 2023
Dell
Integrated Remote Access Controller Firmware
risk 0.00cvss —epss 0.00
Dell iDRAC9 version 6.00.02.00 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform…
CVE-2021-36348Jan 25, 2022
Dell
Integrated Remote Access Controller Firmware
risk 0.00cvss —epss 0.01
iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to…
CVE-2021-36347Jan 25, 2022
Dell
Integrated Remote Access Controller Firmware
risk 0.00cvss —epss 0.04
iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges could potentially exploit this vulnerability to control process execution and gain access to the…
CVE-2021-36300Nov 23, 2021
Dell
Integrated Remote Access Controller Firmware
risk 0.00cvss —epss 0.06
iDRAC9 versions prior to 5.00.00.00 contain an improper input validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability by sending a specially crafted malicious request to crash the webserver or cause information disclosure.
CVE-2021-36299Nov 23, 2021
Dell
Integrated Remote Access Controller Firmware
risk 0.00cvss —epss 0.02
Dell iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.29.00 and 5.00.00.00 contain an SQL injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by…
CVE-2021-21581Aug 3, 2021
Dell
Integrated Remote Access Controller Firmware
risk 0.00cvss —epss 0.00
Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link.
CVE-2021-21580Aug 3, 2021
Dell
Integrated Remote Access Controller Firmware
risk 0.00cvss —epss 0.00
Dell EMC iDRAC8 versions prior to 2.80.80.80 & Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a Content spoofing / Text injection, where a malicious URL can inject text to present a customized message on the application that can phish users into believing that the message…
CVE-2021-21579Aug 3, 2021
Dell
Integrated Remote Access Controller Firmware
risk 0.00cvss —epss 0.01
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links.
CVE-2021-21578Aug 3, 2021
Dell
Integrated Remote Access Controller Firmware
risk 0.00cvss —epss 0.01
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links.
CVE-2021-21576Aug 3, 2021
Dell
Integrated Remote Access Controller Firmware
risk 0.00cvss —epss 0.00
Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially…
CVE-2021-21538Jul 29, 2021
Dell
Integrated Remote Access Controller Firmware
risk 0.00cvss —epss 0.02
Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the virtual console.
CVE-2021-21544Apr 30, 2021
Dell
Integrated Remote Access Controller Firmware
risk 0.00cvss —epss 0.00
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. A remote authenticated malicious user with high privileges could potentially exploit this vulnerability to manipulate the username field under the comment section and set the value to…
CVE-2021-21543Apr 30, 2021
Dell
Integrated Remote Access Controller Firmware
risk 0.00cvss —epss 0.00
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple…
CVE-2021-21539Apr 30, 2021
Dell
Integrated Remote Access Controller Firmware
risk 0.00cvss —epss 0.00
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to gain elevated privileges when a user with higher privileges is simultaneously…
CVE-2020-26198Dec 16, 2020
Dell
Integrated Remote Access Controller Firmware
risk 0.00cvss —epss 0.00
Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain a reflected cross-site scripting vulnerability in the iDRAC9 web application. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by…
CVE-2020-5366Jul 9, 2020
Dell
Integrated Remote Access Controller Firmware
risk 0.00cvss —epss 0.00
Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability by manipulating input parameters to gain unauthorized read access to the arbitrary files.
CVE-2020-5344Mar 31, 2020
Dell
Idrac7
risk 0.00cvss —epss 0.04
Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by…
CVE-2019-3764Nov 7, 2019
Dell
Idrac7
risk 0.00cvss —epss 0.00
Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability…
CVE-2019-3706Apr 26, 2019
Dell
Idrac7
risk 0.00cvss —epss 0.02
Dell EMC iDRAC9 versions prior to 3.24.24.24, 3.21.26.22, 3.22.22.22 and 3.21.25.22 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted…

Page 1 of 2