VYPR

iDRAC8

by Dell

CVEs (14)

  • CVE-2018-1207CriMar 23, 2018
    risk 0.74cvss 9.8epss 0.91

    Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code.

  • CVE-2019-3705CriApr 26, 2019
    risk 0.64cvss 9.8epss 0.04

    Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this…

  • CVE-2024-3411CriApr 30, 2024
    risk 0.59cvss 9.1epss 0.01

    Implementations of IPMI Authenticated sessions does not provide enough randomness to protect from session hijacking, allowing an attacker to use either predictable IPMI Session ID or weak BMC Random Number to bypass security controls using spoofed IPMI packets to manage BMC…

  • CVE-2016-5685HigNov 29, 2016
    risk 0.57cvss 8.8epss 0.02

    Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection.

  • CVE-2024-25951HigMar 9, 2024
    risk 0.52cvss 8.0epss 0.01

    A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system.

  • CVE-2018-1211HigMar 23, 2018
    risk 0.49cvss 7.5epss 0.03

    Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server's URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings…

  • CVE-2021-36347HigJan 25, 2022
    risk 0.47cvss 7.2epss 0.02

    iDRAC9 versions prior to 5.00.20.00 and iDRAC8 versions prior to 2.82.82.82 contain a stack-based buffer overflow vulnerability. An authenticated remote attacker with high privileges could potentially exploit this vulnerability to control process execution and gain access to the…

  • CVE-2020-5344HigMar 31, 2020
    risk 0.46cvss 7.0epss 0.04

    Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by…

  • CVE-2021-21510MedMar 8, 2021
    risk 0.40cvss 6.1epss 0.01

    Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web-cache or trigger redirections.

  • CVE-2022-24423MedApr 21, 2022
    risk 0.35cvss 5.3epss 0.02

    Dell iDRAC8 versions prior to 2.83.83.83 contain a denial of service vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to cause resource exhaustion in the webserver, resulting in a denial of service condition.

  • CVE-2021-21580MedAug 3, 2021
    risk 0.28cvss 4.3epss 0.01

    Dell EMC iDRAC8 versions prior to 2.80.80.80 & Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a Content spoofing / Text injection, where a malicious URL can inject text to present a customized message on the application that can phish users into believing that the message…

  • CVE-2019-3764MedNov 7, 2019
    risk 0.28cvss 4.3epss 0.01

    Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability…

  • CVE-2018-15774LowDec 13, 2018
    risk 0.25cvss 3.8epss 0.01

    Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a…

  • CVE-2022-34436LowJan 18, 2023
    risk 0.18cvss 2.7epss 0.00

    Dell iDRAC8 version 2.83.83.83 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform…