Vulnerabilities (CVE)

Filtered by vendor Dell Subscribe

Filtered by product Idrac9

Total 5 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2022-34435	1 Dell	2 Idrac9, Idrac9 Firmware	2024-02-28	N/A	4.9 MEDIUM
Dell iDRAC9 version 6.00.02.00 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update.
CVE-2022-24422	1 Dell	1 Idrac9	2024-02-28	10.0 HIGH	9.8 CRITICAL
Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console.
CVE-2020-26198	1 Dell	2 Idrac9, Idrac9 Firmware	2024-02-28	4.3 MEDIUM	6.1 MEDIUM
Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain a reflected cross-site scripting vulnerability in the iDRAC9 web application. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link.
CVE-2020-5366	1 Dell	2 Idrac9, Idrac9 Firmware	2024-02-28	4.0 MEDIUM	6.5 MEDIUM
Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability by manipulating input parameters to gain unauthorized read access to the arbitrary files.
CVE-2020-5344	1 Dell	6 Idrac7, Idrac7 Firmware, Idrac8 and 3 more	2024-02-28	10.0 HIGH	9.8 CRITICAL
Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data.