Allele Security Alert
ASA-2019-00240
Identifier(s)
ASA-2019-00240, DSA-2019-028, CVE-2019-3705
Title
Buffer overflow vulnerability
Vendor(s)
Dell
Product(s)
Dell EMC iDRAC
Affected version(s)
Dell EMC iDRAC6 versions prior to 2.92
Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60
Dell EMC iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23
Fixed version(s)
Dell EMC iDRAC6 2.92
Dell EMC iDRAC7 2.61.60.60
Dell EMC iDRAC8 2.61.60.60
Dell EMC iDRAC9 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23
Proof of concept
Unknown
Description
By sending specially crafted input data to the affected system, an unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the system with the privileges of the webserver.
Technical details
Unknown
Credits
Unknown
Reference(s)
Dell EMC iDRAC Multiple Vulnerabilities
https://www.dell.com/support/article/br/pt/brdhs1/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en
CVE-2019-3705
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3705
CVE-2019-3705
https://nvd.nist.gov/vuln/detail/CVE-2019-3705
If there is any error in this alert, or if you would like a comprehensive analysis, let us know.
Last modified: May 1, 2019