Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
4DescriptionCVE.org
Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.174, 15G and 16G versions prior to 7.10.90.00, contain an Exposure of Sensitive System Information Due to Uncleared Debug Information vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to information disclosure.
AnalysisAI
Dell Integrated Dell Remote Access Controller (iDRAC) versions 9, 14G (prior to 7.00.00.174), 15G, and 16G (prior to 7.10.90.00) contain an exposure of sensitive system information vulnerability caused by uncleared debug information in memory or logs. A remote attacker with high privileges can exploit this to disclose confidential system details without modifying or disrupting service availability. While the CVSS score is moderate at 4.9 due to high privilege requirements, the confidentiality impact is rated high, making this relevant for organizations where insider threats or compromised administrator accounts are a concern.
Technical ContextAI
This vulnerability (CWE-1258: Exposure of Sensitive System Information to an Unauthorized Control Sphere) occurs in Dell's iDRAC firmware, which is a baseboard management controller providing remote out-of-band management capabilities for Dell PowerEdge servers. The root cause is uncleared debug information—likely verbose logging, memory dumps, or diagnostic artifacts—left accessible within the iDRAC interface or firmware. The affected CPE cpe:2.3:a:dell:integrated_dell_remote_access_controller:*:*:*:*:*:*:*:* encompasses all iDRAC product lines at vulnerable versions. iDRAC operates at firmware level with administrative access, making debug data exposure particularly sensitive as it may contain credentials, encryption keys, or system architecture details used for server provisioning and management.
RemediationAI
Update Dell iDRAC firmware to version 7.00.00.174 or later for 9 and 14G models, or to version 7.10.90.00 or later for 15G and 16G models. Firmware updates are available through Dell Support at https://www.dell.com/support/kbdoc/en-us/000434533/dsa-2026-113-security-update-for-dell-idrac9-and-idrac10-vulnerabilities. Prioritize patching iDRAC instances in high-security environments. As interim mitigations, restrict network access to iDRAC interfaces to trusted administrative networks and VPNs, limit iDRAC user accounts to minimum necessary privileges, and disable remote access if not operationally required. Audit iDRAC access logs for any suspicious queries by privileged accounts and review recent credential access history to detect potential misuse prior to patching.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-12917