CVE-2019-3764

Summary

Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes.

Affected Software

VendorProductVersion RangeStatus
DellIntegrated Dell Remote Access Controller (iDRAC)unspecified < iDRAC7: 2.65.65.65, iDRAC8: 2.70.70.70, iDRAC9: 3.40.40.40 and 3.36.36.36affected

Weaknesses

  • CWE-285: CWE-285: Improper Authorization

ADP Enrichment

CVE Program Container

Additional References

References