Vulnerability Description
Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | iDRAC7 Firmware | <= 2.30.30.30 |
| Dell | iDRAC8 Firmware | <= 2.30.30.30 |
| Dell | iDRAC7 | - |
| Dell | iDRAC8 | - |
Related Weaknesses (CWE)
References
- http://en.community.dell.com/techcenter/extras/m/white_papers/20443326 (Vendor Advisory)
- http://www.securityfocus.com/bid/94585 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2016-5685?
CVE-2016-5685 is a vulnerability with a CVSS score of 8.8 (HIGH). Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell access through a string injection.
How severe is CVE-2016-5685?
CVE-2016-5685 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2016-5685?
Check the references section above for vendor advisories and patch information. Affected products include: Dell iDRAC7 Firmware, Dell iDRAC8 Firmware, Dell iDRAC7, Dell iDRAC8.