CVE-2018-15774

Name: CVE-2018-15774
Creator: NVD / NIST
Published: 2018-12-13T22:29:00.327+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.94%

Last modified Jun 17, 2026

CVE-2018-15774 is a vulnerability of currently unknown severity. Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the Redfish interface to gain administrator access.. EPSS estimates a 0.94% chance of exploitation in the next 30 days.

Description

Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the Redfish interface to gain administrator access.

Metrics

EPSS Probability

0.94%

56.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-863

Affected Software

Vendor	Product	Versions
Dell	Idrac7 Firmware	< 2.61.60.60
Dell	Idrac8 Firmware	< 2.61.60.60
Dell	Idrac9 Firmware	< 3.20.21.20
Dell	Idrac9 Firmware	>= 3.21.21.21, < 3.21.24.22

References

http://www.securityfocus.com/bid/106233Third Party Advisory, VDB Entry
https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=enVendor Advisory
http://www.securityfocus.com/bid/106233Third Party Advisory, VDB Entry
https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=enVendor Advisory

Timeline

Published: Dec 13, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-15774?

How severe is CVE-2018-15774?

Severity scoring for CVE-2018-15774 is pending analysis. The EPSS model estimates a 0.94% probability of exploitation in the next 30 days.

How do I fix CVE-2018-15774?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-15774?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST