PT-2024-5581 · Dell · Dell Idrac Service Module

Published: 2024-07-31 · Updated: 2024-08-12 · CVE-2024-38481

CVSS v2.0: 5.2 (Medium)

Vector: AV:L/AC:L/Au:S/C:N/I:P/A:C

Name of the Vulnerable Software and Affected Versions: Dell iDRAC Service Module versions 5.3.0.0 and prior

Description: The issue is related to an out-of-bounds read vulnerability in the integrated service module of Dell iDRAC controllers. This could allow an attacker to execute arbitrary code or cause a denial of service. A privileged local attacker may exploit this issue, potentially resulting in data exposure.

Recommendations: For versions 5.3.0.0 and prior, update to a patched version as soon as possible to mitigate the risk of exploitation. As a temporary workaround, consider restricting access to the vulnerable service module until a patch is available.

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

BDU:2024-06266
CVE-2024-38481

Affected Products

Dell Idrac Service Module