CVE-2013-4785 - OpenCVE

The web interface on the Dell iDRAC6 with firmware before 1.95 allows remote attackers to modify the CLP interface for arbitrary users and possibly have other impact via a request to an unspecified form that is accessible from testurls.html. NOTE: the vendor disputes the significance of this issue, stating "DRAC's are intended to be on a separate management network; they are not designed nor intended to be placed on or connected to the Internet."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Dell	Idrac6 Firmware

Configuration 1 [-]

cpe:2.3:o:dell:idrac6_firmware:1.7:*:*:*:*:*:*:*

No data.

References

Link	Providers
ftp://ftp.dell.com/Manuals/Common/integrated-dell-remote-access-cntrllr-6-for-monolithic-srvr-v1.95_FAQ2_en-us.pdf
http://en.community.dell.com/techcenter/systems-management/w/wiki/4929.how-to-check-if-ipmi-cipher-0-is-off.aspx
http://fish2.com/ipmi/dell/secret.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2013-07-08T22:00:00

Updated: 2024-08-06T16:52:27.142Z

Reserved: 2013-07-08T00:00:00

Link: CVE-2013-4785

Vulnrichment

No data.

NVD

Status : Modified

Published: 2013-07-08T22:55:01.187

Modified: 2013-09-27T03:47:07.527

Link: CVE-2013-4785

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-01-23T00:00:00", "descriptions": [{"lang": "en", "value": "The web interface on the Dell iDRAC6 with firmware before 1.95 allows remote attackers to modify the CLP interface for arbitrary users and possibly have other impact via a request to an unspecified form that is accessible from testurls.html. NOTE: the vendor disputes the significance of this issue, stating \"DRAC's are intended to be on a separate management network; they are not designed nor intended to be placed on or connected to the Internet.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-09-27T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://en.community.dell.com/techcenter/systems-management/w/wiki/4929.how-to-check-if-ipmi-cipher-0-is-off.aspx"}, {"tags": ["x_refsource_MISC"], "url": "http://fish2.com/ipmi/dell/secret.html"}, {"tags": ["x_refsource_MISC"], "url": "ftp://ftp.dell.com/Manuals/Common/integrated-dell-remote-access-cntrllr-6-for-monolithic-srvr-v1.95_FAQ2_en-us.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-4785", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The web interface on the Dell iDRAC6 with firmware before 1.95 allows remote attackers to modify the CLP interface for arbitrary users and possibly have other impact via a request to an unspecified form that is accessible from testurls.html. NOTE: the vendor disputes the significance of this issue, stating \"DRAC's are intended to be on a separate management network; they are not designed nor intended to be placed on or connected to the Internet.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://en.community.dell.com/techcenter/systems-management/w/wiki/4929.how-to-check-if-ipmi-cipher-0-is-off.aspx", "refsource": "MISC", "url": "http://en.community.dell.com/techcenter/systems-management/w/wiki/4929.how-to-check-if-ipmi-cipher-0-is-off.aspx"}, {"name": "http://fish2.com/ipmi/dell/secret.html", "refsource": "MISC", "url": "http://fish2.com/ipmi/dell/secret.html"}, {"name": "ftp://ftp.dell.com/Manuals/Common/integrated-dell-remote-access-cntrllr-6-for-monolithic-srvr-v1.95_FAQ2_en-us.pdf", "refsource": "MISC", "url": "ftp://ftp.dell.com/Manuals/Common/integrated-dell-remote-access-cntrllr-6-for-monolithic-srvr-v1.95_FAQ2_en-us.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:52:27.142Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://en.community.dell.com/techcenter/systems-management/w/wiki/4929.how-to-check-if-ipmi-cipher-0-is-off.aspx"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://fish2.com/ipmi/dell/secret.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "ftp://ftp.dell.com/Manuals/Common/integrated-dell-remote-access-cntrllr-6-for-monolithic-srvr-v1.95_FAQ2_en-us.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-4785", "datePublished": "2013-07-08T22:00:00", "dateReserved": "2013-07-08T00:00:00", "dateUpdated": "2024-08-06T16:52:27.142Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:dell:idrac6_firmware:1.7:*:*:*:*:*:*:*", "matchCriteriaId": "09F3B0C2-F0DB-46E1-B06D-9AC1E9B65651", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The web interface on the Dell iDRAC6 with firmware before 1.95 allows remote attackers to modify the CLP interface for arbitrary users and possibly have other impact via a request to an unspecified form that is accessible from testurls.html. NOTE: the vendor disputes the significance of this issue, stating \"DRAC's are intended to be on a separate management network; they are not designed nor intended to be placed on or connected to the Internet.\""}, {"lang": "es", "value": "La interfaz web en el iDRAC6 de Dell con versi\u00f3n de firmware anterior a 1.95, permite a los atacantes remotos modificar la interfaz CLP para usuarios arbitrarios y posiblemente tener otro impacto por medio de una petici\u00f3n a un formulario no especificado que es accesible desde el archivo testurls.html. NOTA: el proveedor cuestiona la importancia de este problema, declarando que \"Los DRAC est\u00e1n destinados a estar en una red de administraci\u00f3n separada; no est\u00e1n dise\u00f1ados ni destinados a ser conectados o conectados a Internet\"."}], "id": "CVE-2013-4785", "lastModified": "2013-09-27T03:47:07.527", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-07-08T22:55:01.187", "references": [{"source": "cve@mitre.org", "url": "ftp://ftp.dell.com/Manuals/Common/integrated-dell-remote-access-cntrllr-6-for-monolithic-srvr-v1.95_FAQ2_en-us.pdf"}, {"source": "cve@mitre.org", "url": "http://en.community.dell.com/techcenter/systems-management/w/wiki/4929.how-to-check-if-ipmi-cipher-0-is-off.aspx"}, {"source": "cve@mitre.org", "url": "http://fish2.com/ipmi/dell/secret.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}