Path Traversal Vulnerability in Dell EMC iDRAC9
CVE-2020-5366

7.1HIGH

Key Information:

Vendor: Dell
Status: Integrated Dell Remote Access Controller (idrac)
Vendor: CVE Published:; 9 July 2020

What is CVE-2020-5366?

The Dell EMC iDRAC9 prior to version 4.20.20.20 is susceptible to a path traversal vulnerability that allows a remote authenticated adversary with low privileges to exploit it. By manipulating input parameters, the attacker may gain unauthorized read access to arbitrary files on the system, potentially exposing sensitive information and leading to further security breaches.

Affected Version(s)

Integrated Dell Remote Access Controller (iDRAC) < 4.20.20.20

References

https://www.dell.com/support/article/en-us/sln322125/dsa-...

x_refsource_MISC

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 9, 2020
Vulnerability Reserved
Jan 3, 2020