Vulnerabilities (CVE)

Filtered by vendor Dell Subscribe
Filtered by product Idrac8 Firmware
Total 10 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-34436 1 Dell 2 Idrac8, Idrac8 Firmware 2024-11-21 N/A 2.7 LOW
Dell iDRAC8 version 2.83.83.83 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update.
CVE-2021-21510 1 Dell 1 Idrac8 Firmware 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web-cache or trigger redirections.
CVE-2020-5344 1 Dell 6 Idrac7, Idrac7 Firmware, Idrac8 and 3 more 2024-11-21 10.0 HIGH 7.0 HIGH
Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data.
CVE-2019-3764 1 Dell 3 Idrac7 Firmware, Idrac8 Firmware, Idrac9 Firmware 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes.
CVE-2019-3705 1 Dell 4 Idrac6 Firmware, Idrac7 Firmware, Idrac8 Firmware and 1 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the system with privileges of the webserver by sending specially crafted input data to the affected system.
CVE-2018-1244 1 Dell 3 Idrac7 Firmware, Idrac8 Firmware, Idrac9 Firmware 2024-11-21 6.5 MEDIUM 8.8 HIGH
Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. A remote authenticated malicious iDRAC user with configuration privileges could potentially exploit this vulnerability to execute arbitrary commands on the iDRAC where SNMP alerting is enabled.
CVE-2018-1243 1 Dell 4 Idrac6 Firmware, Idrac7 Firmware, Idrac8 Firmware and 1 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to perform bruteforce session guessing attacks.
CVE-2018-15776 1 Dell 2 Idrac7 Firmware, Idrac8 Firmware 2024-11-21 4.6 MEDIUM 6.4 MEDIUM
Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to get access to the u-boot shell.
CVE-2018-15774 1 Dell 3 Idrac7 Firmware, Idrac8 Firmware, Idrac9 Firmware 2024-11-21 6.5 MEDIUM 3.8 LOW
Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the Redfish interface to gain administrator access.
CVE-2016-5685 1 Dell 4 Idrac7, Idrac7 Firmware, Idrac8 and 1 more 2024-11-21 9.0 HIGH 8.8 HIGH
Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection.