THREATINT

CVE
PUBLISHED

CVE-2024-25943

Assigner: dell
Reserved: 2024-02-13
Published: 2024-06-29
Updated: 2024-07-02

Description

iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application.



HIGH: 7.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L)

Problem types

CWE-330: Use of Insufficiently Random Values

Product status

Default status: unaffected

Any version before 7.00.00.172: affected

Any version before 7.10.50.00: affected

References

https://www.dell.com/support/kbdoc/en-us/000226503/dsa-2024-099-security-update-for-dell-idrac9-ipmi-session-vulnerability (vendor-advisory)

cve.org CVE-2024-25943

nvd.nist.gov CVE-2024-25943
