Allele Security Alert
ASA-2019-00645
Identifier(s)
ASA-2019-00645, CVE-2019-3764, DSA-2019-137
Title
Improper Authorization Vulnerability
Vendor(s)
Dell EMC
Product(s)
Dell EMC iDRAC
Affected version(s)
Dell EMC iDRAC8 versions before 2.70.70.70
Dell EMC iDRAC9 versions before 3.36.36.36
Fixed version(s)
Dell EMC iDRAC8 version 2.70.70.70
Dell EMC iDRAC9 version 3.36.36.36
Proof of concept
Unknown
Description
Dell EMC iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote, authenticated, malicious iDRAC user with low privileges may exploit this vulnerability to obtain sensitive information such as password hashes.
Technical details
Unknown
Credits
MilCert Austrian Armed Forces
Reference(s)
DSA-2019-137: iDRAC Improper Authorization Vulnerability
https://www.dell.com/support/article/us/en/04/sln319317/dsa-2019-137-idrac-improper-authorization-vulnerability?lang=en
CVE-2019-3764
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3764
CVE-2019-3764
https://nvd.nist.gov/vuln/detail/CVE-2019-3764
Last modified: December 3, 2019