ASA-2019-00645 – Dell EMC iDRAC: Improper Authorization Vulnerability


Allele Security Alert

ASA-2019-00645

Identifier(s)

ASA-2019-00645, CVE-2019-3764, DSA-2019-137

Title

Improper Authorization Vulnerability

Vendor(s)

Dell EMC

Product(s)

Dell EMC iDRAC

Affected version(s)

Dell EMC iDRAC8 versions before 2.70.70.70
Dell EMC iDRAC9 versions before 3.36.36.36

Fixed version(s)

Dell EMC iDRAC8 version 2.70.70.70
Dell EMC iDRAC9 version 3.36.36.36
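As an added example (not part of the advisory), the following Python check flags inventory entries whose iDRAC firmware is still below the fixed versions listed above, comparing versions component by component rather than as strings. The hostnames and firmware versions in the sample inventory are constructed for illustration.

```python
from typing import Dict, Iterable, List, Tuple

# Fixed firmware versions taken from the advisory (DSA-2019-137 / CVE-2019-3764).
FIXED_VERSIONS: Dict[int, Tuple[int, ...]] = {
    8: (2, 70, 70, 70),   # iDRAC8
    9: (3, 36, 36, 36),   # iDRAC9
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Parse a dotted firmware version such as '2.63.60.61' into a tuple of ints."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed iDRAC firmware version: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(generation: int, version: str) -> bool:
    """True if this iDRAC generation/firmware pair is below the fixed release."""
    if generation not in FIXED_VERSIONS:
        raise ValueError(f"advisory lists no fixed version for iDRAC{generation}")
    fixed = FIXED_VERSIONS[generation]
    current = parse_version(version)
    # Pad shorter strings with zeros so '2.70' is compared as 2.70.0.0, and compare
    # numerically per component (a plain string compare would rank '2.9' above '2.70').
    width = max(len(fixed), len(current))

    def pad(v: Tuple[int, ...]) -> Tuple[int, ...]:
        return v + (0,) * (width - len(v))

    return pad(current) < pad(fixed)


# Constructed sample inventory: (hostname, iDRAC generation, firmware version).
# These are illustrative values, not real hosts.
SAMPLE_INVENTORY: List[Tuple[str, int, str]] = [
    ("bmc-r730-01", 8, "2.63.60.61"),
    ("bmc-r730-02", 8, "2.70.70.70"),
    ("bmc-r740-01", 9, "3.34.34.34"),
    ("bmc-r740-02", 9, "4.00.00.00"),
]


def vulnerable_hosts(inventory: Iterable[Tuple[str, int, str]]) -> List[str]:
    """Return the hostnames whose iDRAC firmware is below the fixed release."""
    return [host for host, gen, ver in inventory if is_affected(gen, ver)]


if __name__ == "__main__":
    for host in vulnerable_hosts(SAMPLE_INVENTORY):
        print(f"{host}: iDRAC firmware below fixed version (CVE-2019-3764)")
```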

Proof of concept

Unknown

Description

Dell EMC iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes.

Technical details

Unknown

Credits

MilCert Austrian Armed Forces

Reference(s)

DSA-2019-137: iDRAC Improper Authorization Vulnerability
https://www.dell.com/support/article/us/en/04/sln319317/dsa-2019-137-idrac-improper-authorization-vulnerability?lang=en

CVE-2019-3764 (MITRE)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3764

CVE-2019-3764 (NVD)
https://nvd.nist.gov/vuln/detail/CVE-2019-3764

If there is any error in this alert, or you would like a comprehensive analysis, let us know.

Last modified: December 3, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.