Description
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server's URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings from the iDRAC by querying specific URI strings.
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 2.52.52.52 (excluding)
One of
cpe:2.3:a:dell:emc_idrac7:*:*:*:*:*:*:*:*
cpe:2.3:a:dell:emc_idrac8:*:*:*:*:*:*:*:*
EPSS: 0.00801 (Low), percentile: 74%
CVSS3: 7.5 High
CVSS2: 5 Medium
Weaknesses
CWE-22
Related vulnerabilities
CVSS3: 7.5
github
more than 3 years ago
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server's URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings from the iDRAC by querying specific URI strings.