PT-2024-6474 · Dell · Idrac Service Module

Published 2024-07-31 · Updated 2024-08-02 · CVE-2024-25947

CVSS v2.0: 5.2 (Medium)

Vector: AV:L/AC:L/Au:S/C:N/I:P/A:C

Name of the Vulnerable Software and Affected Versions

Dell iDRAC Service Module versions 5.3.0.0 and prior

Description

The issue is an out-of-bounds read vulnerability. A privileged local attacker could execute arbitrary code, potentially resulting in a denial of service event. The vulnerability is associated with a buffer overflow in memory, which could allow an attacker to execute arbitrary code or cause a denial of service.

Recommendations

For Dell iDRAC Service Module versions 5.3.0.0 and prior, update to a version later than 5.3.0.0 to resolve the issue. As a temporary workaround, consider restricting access to the service module to minimize the risk of exploitation.

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2024-07560
CVE-2024-25947

Affected Products

Idrac Service Module