Vulnerability Description
Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the Redfish interface to gain administrator access.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | iDRAC7 Firmware | < 2.61.60.60 |
| Dell | iDRAC8 Firmware | < 2.61.60.60 |
| Dell | iDRAC9 Firmware | < 3.20.21.20 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/106233 (Third Party Advisory, VDB Entry)
- https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple- (Vendor Advisory)
FAQ
What is CVE-2018-15774?
CVE-2018-15774 is a vulnerability with a CVSS score of 3.8 (LOW). Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malic...
How severe is CVE-2018-15774?
CVE-2018-15774 has been rated LOW with a CVSS base score of 3.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-15774?
Check the references section above for vendor advisories and patch information. Affected products include: Dell iDRAC7 Firmware, Dell iDRAC8 Firmware, Dell iDRAC9 Firmware.