CVE-2013-4785
CVE-2013-4785 is a vulnerability of currently unknown severity. EPSS estimates a 3.62% chance of exploitation in the next 30 days.
Description
The web interface on the Dell iDRAC6 with firmware before 1.95 allows remote attackers to modify the CLP interface for arbitrary users and possibly have other impact via a request to an unspecified form that is accessible from testurls.html. NOTE: the vendor disputes the significance of this issue, stating "DRAC's are intended to be on a separate management network; they are not designed nor intended to be placed on or connected to the Internet."
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Dell | iDRAC6 Firmware | 1.7 |
Source: NVD / NIST
