Description
Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection.
References (2)
Core References
Vendor Advisory x_refsource_confirm
http://en.community.dell.com/techcenter/extras/m/white_papers/20443326
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/94585
Scores
CVSS v3
8.8
EPSS
0.0061
EPSS Percentile
70.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-74
Status
published
Products (3)
dell/idrac7_firmware
< 2.30.30.30
dell/idrac8_firmware
< 2.30.30.30
Dell EMC/iDRAC7 and iDRAC8
firmware before 2.40.40.40
Published
Nov 29, 2016
Tracked Since
Feb 18, 2026