CVE-2024-25943

June 29, 2024, 1:15 p.m.

7.6
High

Description

iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application.

Product(s) Impacted

Product Versions
iDRAC9
  • ['before 7.00.00.172 for 14th Generation', 'before 7.10.50.00 for 15th and 16th Generations']

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-330
Use of Insufficiently Random Values
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

References

https://www.dell.com/support/kbdoc/en-us/000226503/dsa-2024-099-security-update-for-dell-idrac9-ipmi-session-vulnerability

Tags

security_alert@emc.com
CWE-330
2024-06-29
CVE-2024-25943

CVSS Score

7.6 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: LOW
  • Integrity Impact: HIGH
  • Availability Impact: LOW

    • CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L

    View Vector String

Timeline

Published: June 29, 2024, 1:15 p.m.
Last Modified: June 29, 2024, 1:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security_alert@emc.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.