CVE-2019-3705
Published Apr 26, 2019
Last updated 4 years ago
Overview
- Description
- Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the system with privileges of the webserver by sending specially crafted input data to the affected system.
- Source
- security_alert@emc.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 3.0
- Type
- Secondary
- Base score
- 8.1
- Impact score
- 5.9
- Exploitability score
- 2.2
- Vector string
- CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 10
- Impact score
- 10
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:C/I:C/A:C
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:dell:idrac6_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8A933C26-FA8F-4F0F-8B6B-25D31459E39C",
"versionEndExcluding": "2.92"
},
{
"criteria": "cpe:2.3:o:dell:idrac7_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ACBCB009-3BF0-48D8-9F79-7466D3337F72",
"versionEndExcluding": "2.61.60.60"
},
{
"criteria": "cpe:2.3:o:dell:idrac8_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B452829A-3012-44C8-B0EB-176CD61DEE07",
"versionEndExcluding": "2.61.60.60"
},
{
"criteria": "cpe:2.3:o:dell:idrac9_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1BCE2274-B3B1-4BA6-B01A-869258936FA0",
"versionEndExcluding": "3.20.21.20"
}
],
"operator": "OR"
}
]
}
]