First published: Thu Dec 13 2018
Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the Redfish interface to gain administrator access.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dell iDRAC7 Firmware | < 2.61.60.60 | Update to 2.61.60.60 |
| Dell iDRAC8 Firmware | < 2.61.60.60 | Update to 2.61.60.60 |
| Dell iDRAC9 Firmware | < 3.20.21.20 | Update to 3.20.21.20 |
| Dell iDRAC9 Firmware | >= 3.21.21.21, < 3.21.24.22 | Update to 3.21.24.22 |
CVE-2018-15774 is a privilege escalation vulnerability affecting Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23. It has a severity rating of 8.8 (high).
An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the RACADM command-line utility.
To fix CVE-2018-15774, update your Dell iDRAC firmware: iDRAC7/iDRAC8 to version 2.61.60.60 or later, and iDRAC9 to the fixed release for its firmware branch (3.20.21.20, 3.21.24.22, 3.21.26.22, or 3.23.23.23). Note that for iDRAC9 "later" is branch-specific: a 3.21.x release earlier than 3.21.24.22 is still vulnerable even though it is numerically newer than 3.20.21.20.
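Because the iDRAC9 fix is branch-specific, a plain "version is newer than X" check will misclassify hosts. The following is an added example (not Dell's or SecAlerts' tooling) that encodes only the affected ranges given in the table above and triages a firmware inventory against them; the inventory records and host names are constructed for illustration. The 3.21.26.22 and 3.23.23.23 branches named in the description have no lower bounds on this page, so the checker does not flag versions between the table's ranges and those releases; treat such versions as "check the vendor advisory" rather than as clean.

```python
import re
from typing import Dict, List, Optional, Tuple

# Affected version ranges, copied from the advisory table on this page.
# Each range is (lower bound inclusive or None, upper bound exclusive);
# the upper bound is the first fixed release for that firmware branch.
# Branches fixed in 3.21.26.22 and 3.23.23.23 have no lower bound on the
# page and are therefore not encoded here.
AFFECTED_RANGES: Dict[str, List[Tuple[Optional[str], str]]] = {
    "idrac7": [(None, "2.61.60.60")],
    "idrac8": [(None, "2.61.60.60")],
    "idrac9": [(None, "3.20.21.20"), ("3.21.21.21", "3.21.24.22")],
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted iDRAC firmware version such as '2.61.60.60' into a
    comparable tuple, zero-padded to four components so '2.61' == '2.61.0.0'."""
    parts = version.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed firmware version: {version!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))


def product_key(product: str) -> str:
    """Map free-form product names ('Dell Idrac8 Firmware', 'iDRAC 9') to a table key."""
    m = re.search(r"idrac\s*([789])", product.lower())
    if not m:
        raise ValueError(f"not an iDRAC7/8/9 product name: {product!r}")
    return "idrac" + m.group(1)


def is_affected(product: str, version: str) -> bool:
    """True when the version falls inside one of the page's affected ranges."""
    v = parse_version(version)
    for lower, upper in AFFECTED_RANGES[product_key(product)]:
        if lower is not None and v < parse_version(lower):
            continue
        if v < parse_version(upper):
            return True
    return False


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str, bool]]:
    """Annotate (host, product, version) records with an affected flag.
    Records that cannot be parsed are reported as affected=True so they stay
    on the remediation list instead of being silently dropped (fail closed)."""
    out = []
    for host, product, version in inventory:
        try:
            flag = is_affected(product, version)
        except ValueError:
            flag = True
        out.append((host, product, version, flag))
    return out


# Constructed sample inventory (hypothetical hosts, not data from the page).
SAMPLE_INVENTORY = [
    ("bmc-r730-01", "iDRAC8", "2.52.52.52"),  # below 2.61.60.60 -> affected
    ("bmc-r730-02", "iDRAC8", "2.61.60.60"),  # first fixed release -> ok
    ("bmc-r740-01", "iDRAC9", "3.21.21.21"),  # inside the 3.21 range -> affected
    ("bmc-r740-02", "iDRAC9", "3.21.24.22"),  # first fixed 3.21 release -> ok
    ("bmc-r740-03", "iDRAC9", "3.15.17.15"),  # below 3.20.21.20 -> affected
    ("bmc-r740-04", "iDRAC9", "unknown"),     # unparseable -> fail closed
]

if __name__ == "__main__":
    for host, product, version, affected in triage(SAMPLE_INVENTORY):
        print(f"{host:14} {product:7} {version:12} {'AFFECTED' if affected else 'ok'}")
```

Version strings as reported by the BMC (for example via the Redfish `FirmwareVersion` property or the inventory your management tooling already collects) can be fed straight into `triage`; the fail-closed handling of malformed records is deliberate, since a host whose version cannot be read should be investigated, not assumed patched.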