CVE-2020-5344

Published Mar 31, 2020

Last updated 5 years ago

Overview

Description: Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data.
Source: security_alert@emc.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-787
security_alert@emc.com: CWE-121

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dell:idrac7_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3494B3FA-1BE5-4817-9F92-1A19F2776680",
            "versionEndExcluding": "2.65.65.65"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dell:idrac7:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6B004193-6FCE-4E0C-9B3F-D56B4605701B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dell:idrac8_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3081DFE4-72FC-497B-946D-9B9AB9AFCC76",
            "versionEndExcluding": "2.70.70.70"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dell:idrac8:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "B0591F64-CBB4-440D-AB35-F8D5AC8A536B"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:dell:idrac9_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3F9892D-A0B0-4938-9C38-C8A511860011",
            "versionEndExcluding": "4.00.00.00"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:dell:idrac9:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BD8B684E-092F-496C-9D94-51CCD1F3575A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Configurations

References