CVE-2013-4785

EPSS 2.01%
Veröffentlicht 08.07.2013 22:55:01
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

The web interface on the Dell iDRAC6 with firmware before 1.95 allows remote attackers to modify the CLP interface for arbitrary users and possibly have other impact via a request to an unspecified form that is accessible from testurls.html.  NOTE: the vendor disputes the significance of this issue, stating "DRAC's are intended to be on a separate management network; they are not designed nor intended to be placed on or connected to the Internet."

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dell ≫ Idrac6 Firmware Version1.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.01%	0.82

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

ftp://ftp.dell.com/Manuals/Common/integrated-dell-remote-access-cntrllr-6-for-monolithic-srvr-v1.95_FAQ2_en-us.pdf

http://en.community.dell.com/techcenter/systems-management/w/wiki/4929.how-to-check-if-ipmi-cipher-0-is-off.aspx

http://fish2.com/ipmi/dell/secret.html

https://nvd.nist.gov/vuln/detail/CVE-2013-4785

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-4785

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-4785

EUVD