Remote Authentication Bypass in Dell iDRAC Firmware
CVE-2013-4783
Currently unrated
Summary
The vulnerability allows remote attackers to bypass authentication on Dell iDRAC devices, specifically versions of iDRAC6 and iDRAC7 firmware, by leveraging an insecure cipher suite, and then to execute arbitrary IPMI commands. This raises significant security concerns for organizations that do not adequately protect their management networks. Although Dell advises that these systems be isolated from public networks, this flaw could expose critical infrastructure to unauthorized access.
EPSS Score
5% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability Reserved