Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-3705

Опубликовано: 26 апр. 2019
Источник: nvd
CVSS3: 8.1
CVSS3: 9.8
CVSS2: 10
EPSS Низкий

Описание

Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the system with privileges of the webserver by sending specially crafted input data to the affected system.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:dell:idrac6_firmware:*:*:*:*:*:*:*:*
Версия до 2.92 (исключая)
cpe:2.3:o:dell:idrac7_firmware:*:*:*:*:*:*:*:*
Версия до 2.61.60.60 (исключая)
cpe:2.3:o:dell:idrac8_firmware:*:*:*:*:*:*:*:*
Версия до 2.61.60.60 (исключая)
cpe:2.3:o:dell:idrac9_firmware:*:*:*:*:*:*:*:*
Версия до 3.20.21.20 (исключая)

EPSS

Процентиль: 88%
0.0377
Низкий

8.1 High

CVSS3

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-120
CWE-787

Связанные уязвимости

github логотип

GHSA-76h7-m86v-wq78

github
больше 3 лет назад

Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the system with privileges of the webserver by sending specially crafted input data to the affected system.

EPSS

Процентиль: 88%
0.0377
Низкий

8.1 High

CVSS3

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-120
CWE-787