iDRAC8
by Dell
CVEs (15)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-3411 | Cri | 0.59 | 9.1 | 0.00 | Apr 30, 2024 | Implementations of IPMI Authenticated sessions does not provide enough randomness to protect from session hijacking, allowing an attacker to use either predictable IPMI Session ID or weak BMC Random Number to bypass security controls using spoofed IPMI packets to manage BMC… | ||
| CVE-2016-5685 | Hig | 0.57 | 8.8 | 0.01 | Nov 29, 2016 | Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection. | ||
| CVE-2024-25951 | 0.00 | — | 0.01 | Mar 9, 2024 | A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system. | |||
| CVE-2022-34436 | 0.00 | — | 0.00 | Jan 18, 2023 | Dell iDRAC8 version 2.83.83.83 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform… | |||
| CVE-2022-24423 | 0.00 | — | 0.02 | Apr 21, 2022 | Dell iDRAC8 versions prior to 2.83.83.83 contain a denial of service vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to cause resource exhaustion in the webserver, resulting in a denial of service condition. | |||
| CVE-2021-36347 | 0.00 | — | 0.04 | Jan 25, 2022 | iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges could potentially exploit this vulnerability to control process execution and gain access to the… | |||
| CVE-2021-21580 | 0.00 | — | 0.00 | Aug 3, 2021 | Dell EMC iDRAC8 versions prior to 2.80.80.80 & Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a Content spoofing / Text injection, where a malicious URL can inject text to present a customized message on the application that can phish users into believing that the message… | |||
| CVE-2021-21510 | 0.00 | — | 0.01 | Mar 8, 2021 | Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web-cache or trigger redirections. | |||
| CVE-2020-5344 | 0.00 | — | 0.04 | Mar 31, 2020 | Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by… | |||
| CVE-2019-3764 | 0.00 | — | 0.00 | Nov 7, 2019 | Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability… | |||
| CVE-2019-3705 | 0.00 | — | 0.02 | Apr 26, 2019 | Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this… | |||
| CVE-2018-15774 | 0.00 | — | 0.00 | Dec 13, 2018 | Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a… | |||
| CVE-2018-15776 | 0.00 | — | 0.01 | Dec 13, 2018 | Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to get access to the u-boot shell. | |||
| CVE-2018-1244 | 0.00 | — | 0.01 | Jul 2, 2018 | Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. A remote authenticated malicious iDRAC user with configuration privileges could potentially exploit this vulnerability to… | |||
| CVE-2018-1211 | 0.00 | — | 0.01 | Mar 23, 2018 | Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server's URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings… |
- risk 0.59cvss 9.1epss 0.00
Implementations of IPMI Authenticated sessions does not provide enough randomness to protect from session hijacking, allowing an attacker to use either predictable IPMI Session ID or weak BMC Random Number to bypass security controls using spoofed IPMI packets to manage BMC…
- risk 0.57cvss 8.8epss 0.01
Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection.
- CVE-2024-25951Mar 9, 2024risk 0.00cvss —epss 0.01
A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system.
- CVE-2022-34436Jan 18, 2023risk 0.00cvss —epss 0.00
Dell iDRAC8 version 2.83.83.83 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform…
- CVE-2022-24423Apr 21, 2022risk 0.00cvss —epss 0.02
Dell iDRAC8 versions prior to 2.83.83.83 contain a denial of service vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to cause resource exhaustion in the webserver, resulting in a denial of service condition.
- CVE-2021-36347Jan 25, 2022risk 0.00cvss —epss 0.04
iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges could potentially exploit this vulnerability to control process execution and gain access to the…
- CVE-2021-21580Aug 3, 2021risk 0.00cvss —epss 0.00
Dell EMC iDRAC8 versions prior to 2.80.80.80 & Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a Content spoofing / Text injection, where a malicious URL can inject text to present a customized message on the application that can phish users into believing that the message…
- CVE-2021-21510Mar 8, 2021risk 0.00cvss —epss 0.01
Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web-cache or trigger redirections.
- CVE-2020-5344Mar 31, 2020risk 0.00cvss —epss 0.04
Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by…
- CVE-2019-3764Nov 7, 2019risk 0.00cvss —epss 0.00
Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability…
- CVE-2019-3705Apr 26, 2019risk 0.00cvss —epss 0.02
Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this…
- CVE-2018-15774Dec 13, 2018risk 0.00cvss —epss 0.00
Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a…
- CVE-2018-15776Dec 13, 2018risk 0.00cvss —epss 0.01
Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to get access to the u-boot shell.
- CVE-2018-1244Jul 2, 2018risk 0.00cvss —epss 0.01
Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. A remote authenticated malicious iDRAC user with configuration privileges could potentially exploit this vulnerability to…
- CVE-2018-1211Mar 23, 2018risk 0.00cvss —epss 0.01
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server's URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings…