CVE-2019-3764 MEDIUM

Vendor: Dell
Product: Integrated Dell Remote Access Controller (iDRAC)
Weakness: CWE-285
Published: November 7, 2019
Last update: September 17, 2024

CVSS base score

5.0/10
Attack vector: Network
Attack complexity: High
Privileges required: Low
User interaction: None
Confidentiality: Low
Integrity: Low

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01 Description

Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes.

Key dates

02 Disclosure timeline

November 7, 2019: CVE published
September 17, 2024: Record updated