1. Home
  2. CVE Database
  3. CVE-2019-3705
CRITICAL · 9.8

CVE-2019-3705

Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow...

Vulnerability Description

Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the system with privileges of the webserver by sending specially crafted input data to the affected system.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
DellIdrac6 Firmware< 2.92
DellIdrac7 Firmware< 2.61.60.60
DellIdrac8 Firmware< 2.61.60.60
DellIdrac9 Firmware< 3.20.21.20

Related Weaknesses (CWE)

CWE-120CWE-787

References

FAQ

What is CVE-2019-3705?

CVE-2019-3705 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer overflow...

How severe is CVE-2019-3705?

CVE-2019-3705 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2019-3705?

Check the references section above for vendor advisories and patch information. Affected products include: Dell Idrac6 Firmware, Dell Idrac7 Firmware, Dell Idrac8 Firmware, Dell Idrac9 Firmware.