CVE-2018-15774

Summary

Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the Redfish interface to gain administrator access.

Affected Software

VendorProductVersion RangeStatus
Dell EMCiDRACiDRAC7 < 2.61.60.60affected
Dell EMCiDRACiDRAC8 < 2.61.60.60affected
Dell EMCiDRACiDRAC9 < 3.20.21.20affected
Dell EMCiDRACiDRAC9 < 3.23.23.23affected

Weaknesses

  • Privilege escalation vulnerability.

ADP Enrichment

CVE Program Container

Additional References

References