Vulnerabilities exploitable with only iDRAC version knowledge

| CVE ID | Description | Affected Versions | Exploit Type |
|---|---|---|---|
| CVE-2022-24422 | Improper authentication; remote unauthenticated attacker can gain access to the VNC console | iDRAC9 versions 5.00.00.00 to before 5.10.10.00 | Authentication Bypass |
| CVE-2021-21538 | Improper authentication; remote unauthenticated attacker can gain access to the virtual console | iDRAC9 versions 4.40.00.00 to before 4.40.10.00 | Authentication Bypass |
| CVE-2020-5344 | Stack-based buffer overflow; unauthenticated remote attacker can execute arbitrary code | iDRAC7 < 2.65.65.65, iDRAC8 < 2.70.70.70, iDRAC9 < 4.00.00.00 | Remote Code Execution |
| CVE-2019-3707 | Authentication bypass via WS-MAN interface; remote attacker can gain system access | iDRAC9 < 3.30.30.30 | Authentication Bypass |
| CVE-2019-3706 | Authentication bypass via web interface; remote attacker can gain system access | iDRAC9 < 3.24.24.24, 3.21.26.22, 3.22.22.22, 3.21.25.22 | Authentication Bypass |
| CVE-2019-3705 | Stack-based buffer overflow; unauthenticated remote attacker can execute arbitrary code | iDRAC6 < 2.92, iDRAC7/8 < 2.61.60.60, iDRAC9 < 3.20.21.20, 3.21.24.22, 3.21.26.22, 3.23.23.23 | Remote Code Execution |
| CVE-2018-15776 | Stack-based buffer overflow; unauthenticated remote attacker can execute arbitrary code | iDRAC7/8 < 2.61.60.60 | Remote Code Execution |
| CVE-2018-1244 | Command injection in SNMP agent; remote authenticated attacker can execute arbitrary commands | iDRAC7/8 < 2.60.60.60, iDRAC9 < 3.21.21.21 | Command Injection |
| CVE-2018-1212 | Command injection in diagnostics console; remote authenticated attacker can execute arbitrary commands as root | iDRAC6 Monolithic < 2.91, Modular all versions | Command Injection |
| CVE-2018-1207 | CGI injection; remote unauthenticated attacker can execute remote code | iDRAC7/8 < 2.52.52.52 | Remote Code Execution |
| CVE-2018-11053 | CGI injection; remote unauthenticated attacker can execute remote code | iDRAC Service Module v3.0.1, v3.0.2, v3.1.0, v3.2.0 | Remote Code Execution |
| CVE-2020-5366 | Undocumented default iDRAC account; remote unauthenticated attacker can log in with default credentials | iDRAC9 < 4.20.20.20 | Default Credentials |
| CVE-2021-21505 | Undocumented default iDRAC account; remote unauthenticated attacker can gain root privileges | iDRAC9 versions 1906–2011 | Default Credentials |
| CVE-2024-25943 | Session hijacking in IPMI; remote attacker can execute arbitrary code | iDRAC9 < 7.00.00.172 (14th-gen) and < 7.10.50.00 (15th/16th-gen) | Remote Code Execution |
| CVE-2021-36300 | Improper input validation; unauthenticated remote attacker can crash the webserver or cause information disclosure | iDRAC9 < 5.00.00.00 | DoS/Info Disclosure |