ASA-2019-00241 – Dell EMC iDRAC: Web Interface Authentication Bypass Vulnerability


Allele Security Alert

ASA-2019-00241

Identifier(s)

ASA-2019-00241, DSA-2019-028, CVE-2019-3706

Title

Web Interface Authentication Bypass Vulnerability

Vendor(s)

Dell

Product(s)

Dell EMC iDRAC

Affected version(s)

Dell EMC iDRAC9 versions prior to 3.24.24.24, 3.21.26.22, 3.22.22.22 and 3.21.25.22

Fixed version(s)

Dell EMC iDRAC9 3.24.24.24, 3.21.26.22, 3.22.22.22 and 3.21.25.22

Proof of concept

Unknown

Description

A remote attacker may be able to exploit this vulnerability to bypass authentication and gain access to the system by sending specially crafted data to the iDRAC web interface.

Technical details

Unknown

Credits

Unknown

Reference(s)

Dell EMC iDRAC Multiple Vulnerabilities
https://www.dell.com/support/article/br/pt/brdhs1/sln316930/dsa-2019-028-dell-emc-idrac-multiple-vulnerabilities?lang=en

CVE-2019-3706 (MITRE)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3706

CVE-2019-3706 (NVD)
https://nvd.nist.gov/vuln/detail/CVE-2019-3706

If there is any error in this alert or you would like a comprehensive analysis, let us know.

Last modified: May 1, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.