Sign-up

ID

VAR-201911-0372


CVE

CVE-2019-3764


TITLE

Dell EMC iDRAC8 and iDRAC9 Vulnerable to unauthorized authentication

Trust: 0.8

sources: JVNDB: JVNDB-2019-011827

DESCRIPTION

Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. A remote authenticated malicious iDRAC user with low privileges may potentially exploit this vulnerability to obtain sensitive information such as password hashes. Dell EMC iDRAC8 and iDRAC9 Contains an unauthorized authentication vulnerability.Information may be obtained. Dell EMC iDRAC9 and others are products of Dell (Dell). This vulnerability stems from the lack of authentication measures or insufficient authentication strength in network systems or products

Trust: 1.8

sources: NVD: CVE-2019-3764 // JVNDB: JVNDB-2019-011827 // VULHUB: VHN-155199 // VULMON: CVE-2019-3764

AFFECTED PRODUCTS

vendor:dellmodel:idrac8scope:ltversion:2.70.70.70

Trust: 1.8

vendor:dellmodel:idrac9scope:ltversion:3.36.36.36

Trust: 1.8

vendor:dellmodel:idrac7scope:ltversion:2.65.65.65

Trust: 1.0

sources: JVNDB: JVNDB-2019-011827 // NVD: CVE-2019-3764

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-3764
value: MEDIUM

Trust: 1.0

security_alert@emc.com: CVE-2019-3764
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-3764
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201911-419
value: MEDIUM

Trust: 0.6

VULHUB: VHN-155199
value: MEDIUM

Trust: 0.1

VULMON: CVE-2019-3764
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-3764
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-155199
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-3764
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

security_alert@emc.com: CVE-2019-3764
baseSeverity: MEDIUM
baseScore: 5.0
vectorString: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 1.6
impactScore: 3.4
version: 3.0

Trust: 1.0

NVD: CVE-2019-3764
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-155199 // VULMON: CVE-2019-3764 // JVNDB: JVNDB-2019-011827 // CNNVD: CNNVD-201911-419 // NVD: CVE-2019-3764 // NVD: CVE-2019-3764

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-285

Trust: 1.0

problemtype:CWE-863

Trust: 0.9

sources: VULHUB: VHN-155199 // JVNDB: JVNDB-2019-011827 // NVD: CVE-2019-3764

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-419

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201911-419

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-011827

PATCH
title:DSA-2019-137url:https://www.dell.com/support/article/jp/ja/jpdhs1/sln319317/dsa-2019-137-idrac-improper-authorization-vulnerability?lang=en
Trust: 0.8
title:Dell EMC iDRAC7 , iDRAC8  and iDRAC9 Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=108199
Trust: 0.6
title: - url:https://github.com/chnzzh/iDRAC-CVE-lib 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2019-3764 // 
            
            
            
            JVNDB: JVNDB-2019-011827 // 
            
            
            
            CNNVD: CNNVD-201911-419

EXTERNAL IDS
db:NVDid:CVE-2019-3764
Trust: 2.6
db:JVNDBid:JVNDB-2019-011827
Trust: 0.8
db:CNNVDid:CNNVD-201911-419
Trust: 0.7
db:VULHUBid:VHN-155199
Trust: 0.1
db:VULMONid:CVE-2019-3764
Trust: 0.1
sources:
            
            
            VULHUB: VHN-155199 // 
            
            
            
            VULMON: CVE-2019-3764 // 
            
            
            
            JVNDB: JVNDB-2019-011827 // 
            
            
            
            CNNVD: CNNVD-201911-419 // 
            
            
            
            NVD: CVE-2019-3764

REFERENCES
url:https://www.dell.com/support/article/sln319317/dsa-2019-137-idrac-improper-authorization-vulnerability?lang=en
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2019-3764
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3764
Trust: 0.8
url:https://vigilance.fr/vulnerability/rsa-authentication-manager-vulnerability-via-idrac-31132
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110909
Trust: 0.1
sources:
            
            
            VULHUB: VHN-155199 // 
            
            
            
            VULMON: CVE-2019-3764 // 
            
            
            
            JVNDB: JVNDB-2019-011827 // 
            
            
            
            CNNVD: CNNVD-201911-419 // 
            
            
            
            NVD: CVE-2019-3764

SOURCES
db:VULHUBid:VHN-155199
db:VULMONid:CVE-2019-3764
db:JVNDBid:JVNDB-2019-011827
db:CNNVDid:CNNVD-201911-419
db:NVDid:CVE-2019-3764

LAST UPDATE DATE
2024-11-23T23:11:38.265000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-155199date:2020-10-16T00:00:00
db:VULMONid:CVE-2019-3764date:2020-10-16T00:00:00
db:JVNDBid:JVNDB-2019-011827date:2019-11-19T00:00:00
db:CNNVDid:CNNVD-201911-419date:2020-10-21T00:00:00
db:NVDid:CVE-2019-3764date:2024-11-21T04:42:29.157

SOURCES RELEASE DATE
db:VULHUBid:VHN-155199date:2019-11-07T00:00:00
db:VULMONid:CVE-2019-3764date:2019-11-07T00:00:00
db:JVNDBid:JVNDB-2019-011827date:2019-11-19T00:00:00
db:CNNVDid:CNNVD-201911-419date:2019-11-07T00:00:00
db:NVDid:CVE-2019-3764date:2019-11-07T18:15:12.167