CVE-2019-3706

Dell EMC iDRAC9 versions prior to 3.24.24.24, 3.21.26.22, 3.22.22.22 and 3.21.25.22 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted data to the iDRAC web interface.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.6 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
dellCNA
8.6 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
VendorProductVersion
dellidrac9_firmware
3.20.21.20
dellidrac9_firmware
3.21.24.22
dellidrac9_firmware
3.23.23.23
𝑥
= Vulnerable software versions
References
https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en
https://www.dell.com/support/article/us/en/04/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en