1. Home
  2. CVE Database
  3. CVE-2020-5344
HIGH · 7.0

CVE-2020-5344

Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnera...

Vulnerability Description

Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data.

CVSS Score

7.0

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
HIGH

Affected Products

VendorProductVersions
DellIdrac7 Firmware< 2.65.65.65
DellIdrac7-
DellIdrac8 Firmware< 2.70.70.70
DellIdrac8-
DellIdrac9 Firmware< 4.00.00.00
DellIdrac9-

Related Weaknesses (CWE)

CWE-121CWE-787

References

FAQ

What is CVE-2020-5344?

CVE-2020-5344 is a vulnerability with a CVSS score of 7.0 (HIGH). Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnera...

How severe is CVE-2020-5344?

CVE-2020-5344 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-5344?

Check the references section above for vendor advisories and patch information. Affected products include: Dell Idrac7 Firmware, Dell Idrac7, Dell Idrac8 Firmware, Dell Idrac8, Dell Idrac9 Firmware.