What is the severity of CVE-2013-3589?

CVE-2013-3589 is classified as a medium severity vulnerability due to its potential for exploitation via cross-site scripting.

How does CVE-2013-3589 affect Dell iDRAC devices?

CVE-2013-3589 allows remote attackers to inject arbitrary web script or HTML into the login page on affected Dell iDRAC devices.

How do I fix CVE-2013-3589?

To resolve CVE-2013-3589, update the firmware on your Dell iDRAC6 devices to version 1.96 or later, or iDRAC7 devices to version 1.46.45 or later.

What are the affected firmware versions for CVE-2013-3589?

CVE-2013-3589 affects Dell iDRAC6 firmware before version 1.96 and iDRAC7 firmware before version 1.46.45.

Can CVE-2013-3589 be exploited remotely?

Yes, CVE-2013-3589 can be exploited remotely as it targets the login page of the Administrative Web Interface of Dell iDRAC devices.

Vulnerability/
CVE-2013-3589

medium

4.3

CWE

24/9/2013

16/9/2024

CVE-2013-3589: XSS

First published: Tue Sep 24 2013(Updated: )

Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter.

Credit: cret@cert.org

Affected Software	Affected Version	How to fix
Dell iDRAC6	<=1.95
Dell iDRAC6	=1.0
Dell iDRAC6	=1.1
Dell iDRAC6	=1.2
Dell iDRAC6	=1.3
Dell iDRAC6	=1.5
Dell iDRAC6	=1.6
Dell iDRAC6	=1.8
Dell iDRAC6 modular
Dell EMC iDRAC7	<=1.40.40
Dell EMC iDRAC7	=1.00.00
Dell EMC iDRAC7	=1.06.06
Dell EMC iDRAC7	=1.10.10
Dell EMC iDRAC7	=1.20.20
Dell EMC iDRAC7	=1.23.23
Dell EMC iDRAC7	=1.37.35
Dell iDRAC7 Firmware

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-3589?
CVE-2013-3589 is classified as a medium severity vulnerability due to its potential for exploitation via cross-site scripting.
How does CVE-2013-3589 affect Dell iDRAC devices?
CVE-2013-3589 allows remote attackers to inject arbitrary web script or HTML into the login page on affected Dell iDRAC devices.
How do I fix CVE-2013-3589?
To resolve CVE-2013-3589, update the firmware on your Dell iDRAC6 devices to version 1.96 or later, or iDRAC7 devices to version 1.46.45 or later.
What are the affected firmware versions for CVE-2013-3589?
CVE-2013-3589 affects Dell iDRAC6 firmware before version 1.96 and iDRAC7 firmware before version 1.46.45.
Can CVE-2013-3589 be exploited remotely?
Yes, CVE-2013-3589 can be exploited remotely as it targets the login page of the Administrative Web Interface of Dell iDRAC devices.

agent/type
agent/references
agent/author
agent/severity
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/first-publish-date
agent/source
agent/weakness
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/dell
canonical/dell idrac6
version/dell idrac6/1.95
version/dell idrac6/1.0
version/dell idrac6/1.1
version/dell idrac6/1.2
version/dell idrac6/1.3
version/dell idrac6/1.5
version/dell idrac6/1.6
version/dell idrac6/1.8
canonical/dell idrac6 modular
canonical/dell emc idrac7
version/dell emc idrac7/1.40.40
version/dell emc idrac7/1.00.00
version/dell emc idrac7/1.06.06
version/dell emc idrac7/1.10.10
version/dell emc idrac7/1.20.20
version/dell emc idrac7/1.23.23
version/dell emc idrac7/1.37.35
canonical/dell idrac7 firmware

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.