PT-2024-21235 · Dell · Idrac9
Published
2024-06-29
·
Updated
2024-07-01
·
CVE-2024-25943
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
iDRAC9 versions prior to 7.00.00.172 for 14th Generation
iDRAC9 versions prior to 7.10.50.00 for 15th and 16th Generations
Description
The issue is related to a session hijacking vulnerability in IPMI, which could be exploited by a remote attacker to achieve arbitrary code execution on the vulnerable application.
Recommendations
For iDRAC9 versions prior to 7.00.00.172 for 14th Generation, update to version 7.00.00.172 or later.
For iDRAC9 versions prior to 7.10.50.00 for 15th and 16th Generations, update to version 7.10.50.00 or later.
Fix
Use of Insufficiently Random Values
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Idrac9