Severity by source
AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L
Lifecycle Timeline
4DescriptionCVE.org
Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions prior to 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G versions prior to 1.20.25.00, contain a Process Control vulnerability. A high privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to code execution.
AnalysisAI
A Process Control vulnerability (CWE-114) exists in Dell Integrated Dell Remote Access Controller (iDRAC) across multiple generations that allows a high-privileged attacker with adjacent network access to achieve code execution. Affected versions include iDRAC 9 (14G prior to 7.00.00.181, 15G and 16G prior to 7.20.10.50) and iDRAC 10 (17G prior to 1.20.25.00). While the CVSS score of 5.3 is moderate, the integrity impact is rated high and remote code execution capability presents significant risk to out-of-band management infrastructure.
Technical ContextAI
Dell Integrated Dell Remote Access Controller (iDRAC) is a baseboard management controller that provides out-of-band remote management capabilities for Dell PowerEdge servers. The vulnerability stems from improper process control mechanisms (CWE-114), which typically involves inadequate validation or enforcement of process execution boundaries, allowing attackers to manipulate process behavior or inject code into running processes. Affected products are identified via CPE cpe:2.3:a:dell:integrated_dell_remote_access_controller:*:*:*:*:*:*:*:* and span multiple hardware generations (14G, 15G, 16G for iDRAC 9 and 17G for iDRAC 10). The vulnerability requires adjacent network access, meaning the attacker must be on the same network segment as the iDRAC management interface, and high privilege level (PR:H), indicating the attacker must already possess significant access to the iDRAC system.
RemediationAI
Apply the security update immediately: upgrade iDRAC 9 on 14G systems to version 7.00.00.181 or later, upgrade iDRAC 9 on 15G and 16G systems to version 7.20.10.50 or later, and upgrade iDRAC 10 on 17G systems to version 1.20.25.00 or later via the Dell support advisory at https://www.dell.com/support/kbdoc/en-us/000434533/dsa-2026-113-security-update-for-dell-idrac9-and-idrac10-vulnerabilities. As interim controls pending patching, restrict network access to iDRAC management interfaces to authorized administrative networks only, implement network segmentation to isolate iDRAC traffic on a dedicated out-of-band management VLAN, enforce strong authentication and credential management on iDRAC accounts, and disable unnecessary iDRAC services and protocols. Monitor iDRAC logs for suspicious process execution or authentication anomalies.
Same weakness CWE-114 – Process Control
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-12915