CVE-2019-3706

HIGH

Dell EMC iDRAC9 - Authentication Bypass via Crafted Web Interface Data

Title source: llm

Description

Dell EMC iDRAC9 versions prior to 3.24.24.24, 3.21.26.22, 3.22.22.22 and 3.21.25.22 contain an authentication bypass vulnerability. A remote attacker may potentially exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted data to the iDRAC web interface.

Scores

CVSS v3: 8.6
EPSS: 0.0179
EPSS Percentile: 83.0%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Details

Status: published
Products (3):
dell/idrac9_firmware 3.20.21.20
dell/idrac9_firmware 3.21.24.22
dell/idrac9_firmware 3.23.23.23
Published: Apr 26, 2019
Tracked Since: Feb 18, 2026