VYPR

iDRAC9

by Dell

CVEs (31)

  • CVE-2022-24422CriMay 26, 2022
    risk 0.67cvss 9.6epss 0.54

    Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console.

  • CVE-2019-3705CriApr 26, 2019
    risk 0.64cvss 9.8epss 0.04

    Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this…

  • CVE-2021-21538CriJul 29, 2021
    risk 0.63cvss 9.6epss 0.02

    Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the virtual console.

  • CVE-2019-3707HigApr 26, 2019
    risk 0.56cvss 8.6epss 0.03

    Dell EMC iDRAC9 versions prior to 3.30.30.30 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted input data to the WS-MAN interface.

  • CVE-2019-3706HigApr 26, 2019
    risk 0.56cvss 8.6epss 0.03

    Dell EMC iDRAC9 versions prior to 3.24.24.24, 3.21.26.22, 3.22.22.22 and 3.21.25.22 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted…

  • CVE-2021-36348HigJan 25, 2022
    risk 0.53cvss 8.1epss 0.01

    iDRAC9 versions prior to 5.00.20.00 contain an input injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by supplying specially crafted input data to…

  • CVE-2024-25943HigJun 29, 2024
    risk 0.49cvss 7.6epss 0.01

    iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable…

  • CVE-2021-36299HigNov 23, 2021
    risk 0.49cvss 7.1epss 0.30

    Dell iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.29.00 and 5.00.00.00 contain an SQL injection vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to cause information disclosure or denial of service by…

  • CVE-2021-36347HigJan 25, 2022
    risk 0.47cvss 7.2epss 0.02

    iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges could potentially exploit this vulnerability to control process execution and gain access to the…

  • CVE-2020-5366HigJul 9, 2020
    risk 0.46cvss 7.1epss 0.02

    Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability by manipulating input parameters to gain unauthorized read access to the arbitrary files.

  • CVE-2020-5344HigMar 31, 2020
    risk 0.46cvss 7.0epss 0.04

    Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by…

  • CVE-2021-36300MedNov 23, 2021
    risk 0.45cvss 6.5epss 0.33

    iDRAC9 versions prior to 5.00.00.00 contain an improper input validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability by sending a specially crafted malicious request to crash the webserver or cause information disclosure.

  • CVE-2021-21581MedAug 3, 2021
    risk 0.42cvss 6.5epss 0.01

    Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link.

  • CVE-2018-1249MedJul 2, 2018
    risk 0.42cvss 6.5epss 0.01

    Dell EMC iDRAC9 versions prior to 3.21.21.21 did not enforce the use of TLS/SSL for a connection to iDRAC web server for certain URLs. A man-in-the-middle attacker could use this vulnerability to strip the SSL/TLS protection from a connection between a client and a server.

  • CVE-2021-36301MedNov 23, 2021
    risk 0.41cvss 5.9epss 0.28

    Dell iDRAC 9 prior to version 4.40.40.00 and iDRAC 8 prior to version 2.80.80.80 contain a Stack Buffer Overflow in Racadm. An authenticated remote attacker may potentially exploit this vulnerability to control process execution and gain access to the underlying operating system.

  • CVE-2021-21579MedAug 3, 2021
    risk 0.40cvss 6.1epss 0.01

    Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links.

  • CVE-2021-21578MedAug 3, 2021
    risk 0.40cvss 6.1epss 0.01

    Dell EMC iDRAC9 versions prior to 4.40.40.00 contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links.

  • CVE-2021-21577MedAug 3, 2021
    risk 0.40cvss 6.1epss 0.01

    Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially…

  • CVE-2021-21576MedAug 3, 2021
    risk 0.40cvss 6.1epss 0.01

    Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially…

  • CVE-2021-21541MedApr 30, 2021
    risk 0.40cvss 6.1epss 0.01

    Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to DOM…

Page 1 of 2