CVE-2020-5344

EPSS 4.12%
Veröffentlicht 31.03.2020 22:15:14
Zuletzt bearbeitet 21.11.2024 05:33:57
Quelle security_alert@emc.com
CVE-Watchlists
Login
Unerledigt
Login

Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Dell ≫ Idrac7 Firmware Version < 2.65.65.65

Dell ≫ Idrac7 Version-

Dell ≫ Idrac8 Firmware Version < 2.70.70.70

Dell ≫ Idrac8 Version-

Dell ≫ Idrac9 Firmware Version < 4.00.00.00

Dell ≫ Idrac9 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4.12%	0.882

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C
security_alert@emc.com	7	2.2	4.7	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://www.dell.com/support/article/en-us/sln320717/dsa-2020-063-idrac-buffer-overflow-vulnerability?lang=en

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-5344

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-5344

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-5344

EUVD