CVE-2019-3705

Summary

Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the system with privileges of the webserver by sending specially crafted input data to the affected system.

Affected Software

VendorProductVersion RangeStatus
Dell EMCiDRAC2.92 < 2.92affected
Dell EMCiDRAC2.61.60.60 < 2.61.60.60affected
Dell EMCiDRAC3.20.21.20 < 3.20.21.20affected
Dell EMCiDRAC3.21.24.22 < 3.21.24.22affected
Dell EMCiDRAC3.23.23.23 < 3.23.23.23affected
Dell EMCiDRAC3.21.26.22 < 3.21.26.22affected

Weaknesses

  • CWE-120: CWE-120 Buffer Overflow

ADP Enrichment

CVE Program Container

Additional References

References