CVE-2019-3764

Опубликовано: 07 нояб. 2019

Источник: nvd

CVSS3: 5

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:dell:idrac7_firmware:*:*:*:*:*:*:*:*

Версия до 2.65.65.65 (исключая)

cpe:2.3:o:dell:idrac8_firmware:*:*:*:*:*:*:*:*

Версия до 2.70.70.70 (исключая)

cpe:2.3:o:dell:idrac9_firmware:*:*:*:*:*:*:*:*

Версия до 3.36.36.36 (исключая)

EPSS

Процентиль: 47%

0.00239

Низкий

5 Medium

CVSS3

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-285

NVD-CWE-Other

Связанные уязвимости

GHSA-p6v4-55x8-jc35

github

больше 3 лет назад

Dell EMC iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes.

EPSS

Процентиль: 47%

0.00239

Низкий

5 Medium

CVSS3

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-285

NVD-CWE-Other