CVE-2020-5344 - Out-of-bounds Write vulnerability in Dell iDRAC7 Firmware, iDRAC8 Firmware and iDRAC9 Firmware
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |
Summary
Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70 and 4.00.00.00, respectively, contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data.
Nessus
NASL family | CGI abuses |
NASL id | DRAC_DSA-2020-063.NASL |
description | The remote host is running iDRAC7 with a firmware version prior to 2.65.65.65, or iDRAC8 with a firmware version prior to 2.70.70.70, or iDRAC9 with a firmware version prior to 4.00.00.00 and is therefore affected by a buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data. Note that Nessus has not tested for this issue but has instead relied only on the application |
last seen | 2020-05-21 |
modified | 2020-04-03 |
plugin id | 135187 |
published | 2020-04-03 |
reporter | This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/135187 |
title | Dell iDRAC Buffer Overflow Vulnerability (CVE-2020-5344) |