CVE-2013-4785

Published: Jul 8, 2013Modified: Apr 29, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

The web interface on the Dell iDRAC6 with firmware before 1.95 allows remote attackers to modify the CLP interface for arbitrary users and possibly have other impact via a request to an unspecified form that is accessible from testurls.html. NOTE: the vendor disputes the significance of this issue, stating "DRAC's are intended to be on a separate management network; they are not designed nor intended to be placed on or connected to the Internet."

Affected (1)

Products: Dell: Idrac6 Firmware

1 product

Idrac6 Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dell Idrac6 Firmware	Version 1.7

References (6)

ftp://ftp.dell.com/Manuals/Common/integrated-dell-remote-access-cntrllr-6-for-monolithic-srvr-v1.95_FAQ2_en-us.pdf (unsafe URL)

Source: cve@mitre.org

http://en.community.dell.com/techcenter/systems-management/w/wiki/4929.how-to-check-if-ipmi-cipher-0-is-off.aspx

Source: cve@mitre.org

http://fish2.com/ipmi/dell/secret.html

Source: cve@mitre.org

ftp://ftp.dell.com/Manuals/Common/integrated-dell-remote-access-cntrllr-6-for-monolithic-srvr-v1.95_FAQ2_en-us.pdf (unsafe URL)

Source: af854a3a-2127-422b-91ae-364da2661108

http://en.community.dell.com/techcenter/systems-management/w/wiki/4929.how-to-check-if-ipmi-cipher-0-is-off.aspx

Source: af854a3a-2127-422b-91ae-364da2661108

http://fish2.com/ipmi/dell/secret.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.