Vulnerabilities (CVE)

Filtered by vendor Dell Subscribe

Filtered by product Idrac9

Total 5 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2022-34435	1 Dell	2 Idrac9, Idrac9 Firmware	2024-11-21	N/A	2.7 LOW
Dell iDRAC9 version 6.00.02.00 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update.
CVE-2022-24422	1 Dell	1 Idrac9	2024-11-21	10.0 HIGH	9.6 CRITICAL
Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console.
CVE-2020-5366	1 Dell	2 Idrac9, Idrac9 Firmware	2024-11-21	4.0 MEDIUM	7.1 HIGH
Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability by manipulating input parameters to gain unauthorized read access to the arbitrary files.
CVE-2020-5344	1 Dell	6 Idrac7, Idrac7 Firmware, Idrac8 and 3 more	2024-11-21	10.0 HIGH	7.0 HIGH
Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data.
CVE-2020-26198	1 Dell	2 Idrac9, Idrac9 Firmware	2024-11-21	4.3 MEDIUM	6.1 MEDIUM
Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain a reflected cross-site scripting vulnerability in the iDRAC9 web application. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link.