Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Dell Subscribe
Filtered by product Idrac9
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-34435 1 Dell 2 Idrac9, Idrac9 Firmware 2023-12-10 N/A 4.9 MEDIUM
Dell iDRAC9 version 6.00.02.00 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update.
CVE-2022-24422 1 Dell 1 Idrac9 2023-12-10 10.0 HIGH 9.8 CRITICAL
Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console.
CVE-2020-26198 1 Dell 2 Idrac9, Idrac9 Firmware 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain a reflected cross-site scripting vulnerability in the iDRAC9 web application. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link.
CVE-2020-5344 1 Dell 6 Idrac7, Idrac7 Firmware, Idrac8 and 3 more 2023-12-10 10.0 HIGH 9.8 CRITICAL
Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data.
CVE-2020-5366 1 Dell 2 Idrac9, Idrac9 Firmware 2023-12-10 4.0 MEDIUM 6.5 MEDIUM
Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability by manipulating input parameters to gain unauthorized read access to the arbitrary files.