CVE-2018-15774 LOW

CVE-2018-15774: iDRAC7/iDRAC8/iDRAC9 - Privilege Escalation Vulnerability

Vendor Dell EMC
Product iDRAC
Published December 13, 2018
Last update September 17, 2024

CVSS base score

3.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

What the vulnerability does

01 Description

Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the Redfish interface to gain administrator access.

Key dates

02 Disclosure timeline

December 13, 2018 CVE published
September 17, 2024 Record updated