Idrac8 Firmware Security Vulnerabilities and Issues — Idrac8 Firmware CVE List

Lucene search

DellIdrac8 Firmware

10 matches found

CVE•added 2023/01/18 12:15 p.m.•146 views

CVE-2022-34436

Dell iDRAC8 version 2.83.83.83 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update.

4.9CVSS4.9AI score0.00033EPSS

CVE•added 2020/03/31 10:15 p.m.•135 views

CVE-2020-5344

Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially c...

10CVSS9.9AI score0.08383EPSS

CVE•added 2019/04/26 7:29 p.m.•63 views

CVE-2019-3705

Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to cr...

10CVSS9.5AI score0.03801EPSS

CVE•added 2018/07/02 5:29 p.m.•59 views

CVE-2018-1243

Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to ...

7.5CVSS7.7AI score0.00619EPSS

CVE•added 2018/12/13 10:29 p.m.•57 views

CVE-2018-15774

Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the ...

8.8CVSS6.5AI score0.003EPSS

CVE•added 2018/07/02 5:29 p.m.•51 views

CVE-2018-1244

Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. A remote authenticated malicious iDRAC user with configuration privileges could potentially exploit this vulnerability to execute arbitrary comm...

8.8CVSS8.9AI score0.01519EPSS

CVE•added 2021/03/08 10:15 p.m.•44 views

CVE-2021-21510

Dell iDRAC8 versions prior to 2.75.100.75 contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web-cache or trigger redirections.

6.1CVSS6.5AI score0.00818EPSS

CVE•added 2019/11/07 6:15 p.m.•42 views

CVE-2019-3764

Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive i...

5CVSS4.3AI score0.00186EPSS

CVE•added 2018/12/13 10:29 p.m.•41 views

CVE-2018-15776

Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to get access to the u-boot shell.

6.8CVSS6.9AI score0.00857EPSS

CVE•added 2016/11/29 3:59 p.m.•37 views

CVE-2016-5685

Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection.

9CVSS8.9AI score0.00612EPSS