Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

idrac9

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

6
Related CVEsRelated VendorsRelated AssignersReports
6Vulnerabilities found
CVE-2024-25943
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-7.6||HIGH
EPSS-2.79% / 85.52%
||
7 Day CHG~0.00%
Published-29 Jun, 2024 | 12:52
Updated-03 Feb, 2025 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application.

Action-Not Available
Vendor-Dell Inc.
Product-idrac9Integrated Dell Remote Access Controller 9integrated_dell_remote_access_controller_9_firmware
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2022-34435
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-2.7||LOW
EPSS-0.04% / 8.68%
||
7 Day CHG~0.00%
Published-18 Jan, 2023 | 11:07
Updated-03 Apr, 2025 | 19:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell iDRAC9 version 6.00.02.00 and prior contain an improper input validation vulnerability in Racadm when the firmware lock-down configuration is set. A remote high privileged attacker could exploit this vulnerability to bypass the firmware lock-down configuration and perform a firmware update.

Action-Not Available
Vendor-Dell Inc.
Product-idrac9_firmwareidrac9Integrated Dell Remote Access Controller 9
CWE ID-CWE-20
Improper Input Validation
CVE-2022-24422
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-9.6||CRITICAL
EPSS-47.94% / 97.64%
||
7 Day CHG~0.00%
Published-26 May, 2022 | 15:20
Updated-16 Sep, 2024 | 22:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console.

Action-Not Available
Vendor-Dell Inc.
Product-idrac9Integrated Dell Remote Access Controller 9
CWE ID-CWE-287
Improper Authentication
CVE-2020-26198
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-6.1||MEDIUM
EPSS-0.30% / 53.05%
||
7 Day CHG~0.00%
Published-16 Dec, 2020 | 15:50
Updated-17 Sep, 2024 | 03:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain a reflected cross-site scripting vulnerability in the iDRAC9 web application. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link.

Action-Not Available
Vendor-Dell Inc.
Product-idrac9_firmwareidrac9Integrated Dell Remote Access Controller (iDRAC)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-5366
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-7.1||HIGH
EPSS-0.30% / 52.42%
||
7 Day CHG~0.00%
Published-09 Jul, 2020 | 13:45
Updated-16 Sep, 2024 | 17:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability by manipulating input parameters to gain unauthorized read access to the arbitrary files.

Action-Not Available
Vendor-Dell Inc.
Product-idrac9_firmwareidrac9Integrated Dell Remote Access Controller (iDRAC)
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-5344
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-7||HIGH
EPSS-7.12% / 91.17%
||
7 Day CHG~0.00%
Published-31 Mar, 2020 | 21:30
Updated-17 Sep, 2024 | 02:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data.

Action-Not Available
Vendor-Dell Inc.
Product-idrac9_firmwareidrac8_firmwareidrac7idrac7_firmwareidrac9idrac8Integrated Dell Remote Access Controller (iDRAC)
CWE ID-CWE-121
Stack-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write