CVE-2019-3764
MEDIUM
Dell iDRAC7 < 2.65.65.65, iDRAC8 < 2.70.70.70, iDRAC9 < 3.36.36.36 - Authenticated Information Disclosure
Title source: llm
Description
Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.dell.com/support/article/sln319317/dsa-2019-137-idrac-improper-authorization-vulnerability?lang=en
Scores
CVSS v3
4.3
EPSS
0.0024
EPSS Percentile
46.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-285
Status
published
Products (3)
dell/idrac7_firmware
< 2.65.65.65
dell/idrac8_firmware
< 2.70.70.70
dell/idrac9_firmware
< 3.36.36.36
Published
Nov 07, 2019
Tracked Since
Feb 18, 2026