Stack-based Buffer Overflow in Dell EMC iDRAC Products
CVE-2020-5344

7HIGH

Key Information:

Vendor: Dell
Status: Integrated Dell Remote Access Controller (idrac)
Vendor: CVE Published:; 31 March 2020

What is CVE-2020-5344?

Dell EMC iDRAC7, iDRAC8, and iDRAC9 contain a vulnerability that allows unauthorized remote attackers to exploit a stack-based buffer overflow. By sending specially crafted input data, attackers can crash the affected processes or execute arbitrary code on the devices. It is crucial for users to update to the latest versions to mitigate the risks associated with this vulnerability. For more information, visit Dell's support page.

Affected Version(s)

Integrated Dell Remote Access Controller (iDRAC) < 2.65.65.65

References

https://www.dell.com/support/article/en-us/sln320717/dsa-...

x_refsource_MISC

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 31, 2020
Vulnerability Reserved
Jan 3, 2020