CVE-2013-4785

Name of the Vulnerable Software and Affected Versions Dell iDRAC6 versions prior to 1.95

Description The issue affects the web interface of the Dell iDRAC6, allowing remote attackers to modify the CLP interface for arbitrary users via a request to an unspecified form accessible from testurls.html. The vendor has stated that DRACs are intended for separate management networks and not for internet connection, disputing the significance of this issue.

Recommendations For versions prior to 1.95, update the firmware to version 1.95 or later to resolve the issue. As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation.