CVE-2019-3705

Name of the Vulnerable Software and Affected Versions Dell EMC iDRAC6 versions prior to 2.92 Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 Dell EMC iDRAC9 versions prior to 3.20.21.20 Dell EMC iDRAC9 versions prior to 3.21.24.22 Dell EMC iDRAC9 versions prior to 3.21.26.22 Dell EMC iDRAC9 versions prior to 3.23.23.23

Description The issue is a stack-based buffer overflow that can be exploited by an unauthenticated remote attacker. By sending specially crafted input data to the affected system, the attacker may crash the webserver or execute arbitrary code on the system with privileges of the webserver.

Recommendations For Dell EMC iDRAC6 versions prior to 2.92, update to version 2.92 or later. For Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60, update to version 2.61.60.60 or later. For Dell EMC iDRAC9 versions prior to 3.20.21.20, update to version 3.20.21.20 or later. For Dell EMC iDRAC9 versions prior to 3.21.24.22, update to version 3.21.24.22 or later. For Dell EMC iDRAC9 versions prior to 3.21.26.22, update to version 3.21.26.22 or later. For Dell EMC iDRAC9 versions prior to 3.23.23.23, update to version 3.23.23.23 or later.