Redfish Interface Privilege Escalation Vulnerability in Dell EMC iDRAC

Redfish Interface Privilege Escalation Vulnerability in Dell EMC iDRAC

CVE-2018-15774 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the Redfish interface to gain administrator access.

Learn more about our User Device Pen Test.