Description
Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low‑privileged attacker to gain elevated access.
Published: 2026-04-29
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Apply Patch
AI Analysis

Impact

Dell iDRAC10 firmware versions 1.20.70.50 and 1.30.05.10 contain a race condition that results in insufficiently protected credentials, as identified by CWE‑522. A user who already has low‑privileged authentication can trigger the race condition to obtain elevated access rights, effectively bypassing the intended credential safeguards. This escalation could allow the attacker to modify iDRAC settings, view or alter configuration files, and gain broader control over the host server, thereby compromising integrity and potentially confidentiality of sensitive host information.

Affected Systems

Affected systems are Dell iDRAC10 interfaces running firmware versions 1.20.70.50 or 1.30.05.10. No other Dell iDRAC variants or firmware revisions are listed as vulnerable.

Risk and Exploitability

The vulnerability is rated a CVSS score of 7.1, indicating high risk, but no EPSS data is available to assess current exploit probability. The vulnerability is not listed in CISA's KEV catalog. The race condition requires an authenticated low‑privileged local account; therefore an attacker must have physical or remote access to the iDRAC interface and legitimate credentials. Exploitation would involve timing the credential verification routine to duplicate authentication tickets or tokens, thereby elevating privileges. While the exact implementational details are not fully documented, the referred Dell advisory indicates that the issue has been patched and should be addressed promptly.

Generated by OpenCVE AI on April 29, 2026 at 06:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the iDRAC firmware to a version that includes the Dell security update referenced in the advisory
  • Restrict or disable low‑privileged accounts on the iDRAC interface and enforce least‑privilege policies
  • Monitor iDRAC logs for anomalous authentication or privilege escalation events

Generated by OpenCVE AI on April 29, 2026 at 06:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 30 Apr 2026 05:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 29 Apr 2026 07:30:00 +0000

Type Values Removed Values Added
First Time appeared Dell
Dell idrac10
Vendors & Products Dell
Dell idrac10

Wed, 29 Apr 2026 06:30:00 +0000

Type Values Removed Values Added
Title Authenticated Low‑Privileged Attacker Can Gain Elevated Access in Dell iDRAC10 via Race Condition

Wed, 29 Apr 2026 05:00:00 +0000

Type Values Removed Values Added
Description Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low‑privileged attacker to gain elevated access.
Weaknesses CWE-522
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H'}

Subscriptions

Dell Idrac10
cve-icon MITRE

Status: PUBLISHED

Assigner: dell

Published:

Updated: 2026-04-30T03:55:52.264Z

Reserved: 2026-04-01T17:04:27.475Z

Link: CVE-2026-35155

cve-icon Vulnrichment

Updated: 2026-04-29T12:12:05.650Z

cve-icon NVD

Status : Received

Published: 2026-04-29T05:16:04.523

Modified: 2026-04-29T05:16:04.523

Link: CVE-2026-35155

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-29T07:30:05Z

Weaknesses