First published: Thu Nov 07 2019
Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes.
Credit: security_alert@emc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Dell iDRAC7 Firmware | <2.65.65.65 | |
Dell iDRAC8 Firmware | <2.70.70.70 | |
Dell iDRAC9 Firmware | <3.36.36.36 | |
The vulnerability ID is CVE-2019-3764.
The severity of CVE-2019-3764 is medium, with a severity value of 4.3.
Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70, and iDRAC9 versions prior to 3.36.36.36 are affected by CVE-2019-3764.
CVE-2019-3764 is an improper authorization vulnerability in Dell EMC iDRAC that allows a remote authenticated malicious user with low privileges to potentially obtain sensitive information.
To fix CVE-2019-3764, upgrade iDRAC7 to version 2.65.65.65 or later, iDRAC8 to version 2.70.70.70 or later, or iDRAC9 to version 3.36.36.36 or later.