CVE-2013-3589
Last modified
CVE-2013-3589 is a vulnerability of currently unknown severity. Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter.. EPSS estimates a 1.63% chance of exploitation in the next 30 days.
Description
Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject arbitrary web script or HTML via the ErrorMsg parameter.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Dell | Idrac6 Firmware | <= 1.95 |
| Dell | Idrac6 Firmware | 1.0 |
| Dell | Idrac6 Firmware | 1.1 |
| Dell | Idrac6 Firmware | 1.2 |
| Dell | Idrac6 Firmware | 1.3 |
| Dell | Idrac6 Firmware | 1.5 |
| Dell | Idrac6 Firmware | 1.6 |
| Dell | Idrac6 Firmware | 1.8 |
| Dell | Idrac6 Monolithic | All versions |
| Dell | Idrac7 Firmware | <= 1.40.40 |
| Dell | Idrac7 Firmware | 1.00.00 |
| Dell | Idrac7 Firmware | 1.06.06 |
| Dell | Idrac7 Firmware | 1.10.10 |
| Dell | Idrac7 Firmware | 1.20.20 |
| Dell | Idrac7 Firmware | 1.23.23 |
| Dell | Idrac7 Firmware | 1.37.35 |
| Dell | Idrac7 | All versions |
References
- http://www.kb.cert.org/vuls/id/920038US Government Resource
- http://www.kb.cert.org/vuls/id/BLUU-997QVWUS Government Resource
- http://www.kb.cert.org/vuls/id/920038US Government Resource
- http://www.kb.cert.org/vuls/id/BLUU-997QVWUS Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2013-3589?
How severe is CVE-2013-3589?
How do I fix CVE-2013-3589?
Are you affected by CVE-2013-3589?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST