Vulnerability identifier: #VU66164
Vulnerability risk: Low
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-121
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
iDRAC9
Web applications /
Remote management & hosting panels
iDRAC8
Web applications /
Remote management & hosting panels
Vendor:
Description
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. An authenticated remote user with high privileges can exploit this vulnerability to control process execution and gain access to the iDRAC operating system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
External links
http://www.dell.com/support/kbdoc/000194038
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.