Vulnerability Description
The web interface on the Dell iDRAC6 with firmware before 1.95 allows remote attackers to modify the CLP interface for arbitrary users and possibly have other impact via a request to an unspecified form that is accessible from testurls.html. NOTE: the vendor disputes the significance of this issue, stating "DRAC's are intended to be on a separate management network; they are not designed nor intended to be placed on or connected to the Internet."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | Idrac6 Firmware | 1.7 |
References
- ftp://ftp.dell.com/Manuals/Common/integrated-dell-remote-access-cntrllr-6-for-mo
- http://en.community.dell.com/techcenter/systems-management/w/wiki/4929.how-to-ch
- http://fish2.com/ipmi/dell/secret.html
- ftp://ftp.dell.com/Manuals/Common/integrated-dell-remote-access-cntrllr-6-for-mo
- http://en.community.dell.com/techcenter/systems-management/w/wiki/4929.how-to-ch
- http://fish2.com/ipmi/dell/secret.html
FAQ
What is CVE-2013-4785?
CVE-2013-4785 is a vulnerability with a CVSS score of 10.0 (HIGH). The web interface on the Dell iDRAC6 with firmware before 1.95 allows remote attackers to modify the CLP interface for arbitrary users and possibly have other impact via a request to an unspecified fo...
How severe is CVE-2013-4785?
CVE-2013-4785 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4785?
Check the references section above for vendor advisories and patch information. Affected products include: Dell Idrac6 Firmware.