Dell EMC iDRAC9 versions prior to 4.20.20.20 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) Vulnerability

Summary

Dell EMC iDRAC9 versions prior to 4.20.20.20 suffer from an improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability.

Credit:

The information has been provided by Georgy Kiguradze.

The original article can be found at: https://www.dell.com/support/article/en-us/sln322125/dsa-2020-128-idrac-local-file-inclusion-vulnerability?lang=en


Details

Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability by manipulating input parameters to gain unauthorized read access to arbitrary files.

Vulnerable Systems:

Dell EMC iDRAC9 versions prior to 4.20.20.20

CVE Information:

CVE-2020-5366

Disclosure Timeline:
Published Date: 7/9/2020
