PT-2019-16653 · Dell Emc · Idrac9

Publicado

2019-04-26

Atualizado

2020-08-24

CVE-2019-3706

CVSS v3.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Dell EMC iDRAC9 versions prior to 3.24.24.24 Dell EMC iDRAC9 versions prior to 3.21.26.22 Dell EMC iDRAC9 versions prior to 3.22.22.22 Dell EMC iDRAC9 versions prior to 3.21.25.22

Description The issue allows a remote attacker to potentially bypass authentication and gain access to the system by sending specially crafted data to the iDRAC web interface, specifically the / API endpoint is not mentioned but the iDRAC web interface is vulnerable.

Recommendations For versions prior to 3.24.24.24, update to version 3.24.24.24 or later. For versions prior to 3.21.26.22, update to version 3.21.26.22 or later. For versions prior to 3.22.22.22, update to version 3.22.22.22 or later. For versions prior to 3.21.25.22, update to version 3.21.25.22 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2019-3706

Produtos afetados

Idrac9

PT-2019-16653 · Dell Emc · Idrac9

CVE-2019-3706

Identificadores relacionados

Produtos afetados

Referências · 3