CVE-2019-3705

Published: Apr 26, 2019Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the system with privileges of the webserver by sending specially crafted input data to the affected system.

Affected (4)

Products: Dell: Idrac6 Firmware, Idrac7 Firmware, Idrac8 Firmware, Idrac9 Firmware

4 products

Idrac6 Firmware

Idrac7 Firmware

Idrac8 Firmware

Idrac9 Firmware

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Dell Idrac6 Firmware	Before 2.92
Dell Idrac7 Firmware	Before 2.61.60.60
Dell Idrac8 Firmware	Before 2.61.60.60
Dell Idrac9 Firmware	Before 3.20.21.20

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en

Source: security_alert@emc.com

Vendor Advisory

https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.