Skip to main content

Idrac9 Firmware

20 CVEs product

Monthly

CVE-2025-22397 MEDIUM This Month

Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions 6.10.80.00 through 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Path Traversal Authentication Bypass Idrac9 Firmware Idrac10 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2025-26482 MEDIUM This Month

Dell PowerEdge Server BIOS and Dell iDRAC9, all versions, contains an Information Disclosure vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Poweredge R770 Firmware Poweredge R670 Firmware Poweredge R570 Firmware +109
NVD
CVSS 3.1
4.9
EPSS
0.0%
CVE-2021-21538 CRITICAL PATCH Act Now

Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00, contain an improper authentication vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Dell Authentication Bypass Idrac9 Firmware
NVD
CVSS 3.1
10.0
EPSS
1.7%
CVE-2021-21544 LOW Monitor

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Authentication Bypass Idrac9 Firmware
NVD
CVSS 3.1
2.7
EPSS
0.9%
CVE-2021-21543 MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple stored cross-site scripting vulnerabilities. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell XSS Idrac9 Firmware
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-21542 MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.40.10.00 contain multiple stored cross-site scripting vulnerabilities. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell XSS Idrac9 Firmware
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2021-21541 MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell XSS Idrac9 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-21540 HIGH This Week

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a stack-based overflow vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Dell Stack Overflow Idrac9 Firmware
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2021-21539 HIGH This Week

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Dell Information Disclosure Idrac9 Firmware
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2020-26198 MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain a reflected cross-site scripting vulnerability in the iDRAC9 web application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Dell Idrac9 Firmware
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2020-5366 MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Path Traversal Idrac9 Firmware
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2020-5344 CRITICAL Act Now

Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow Dell Idrac7 Firmware +2
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2019-3764 MEDIUM This Month

Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Idrac7 Firmware Idrac8 Firmware Idrac9 Firmware
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2019-3707 CRITICAL Act Now

Dell EMC iDRAC9 versions prior to 3.30.30.30 contain an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Idrac9 Firmware
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2019-3706 CRITICAL Act Now

Dell EMC iDRAC9 versions prior to 3.24.24.24, 3.21.26.22, 3.22.22.22 and 3.21.25.22 contain an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Idrac9 Firmware
NVD
CVSS 3.0
9.8
EPSS
3.3%
CVE-2019-3705 CRITICAL Act Now

Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Dell RCE Idrac6 Firmware Idrac7 Firmware +2
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2018-15774 HIGH This Week

Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Dell Idrac7 Firmware Idrac8 Firmware +1
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2018-1249 MEDIUM This Month

Dell EMC iDRAC9 versions prior to 3.21.21.21 did not enforce the use of TLS/SSL for a connection to iDRAC web server for certain URLs. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Dell Information Disclosure Idrac9 Firmware
NVD
CVSS 3.0
5.9
EPSS
0.9%
CVE-2018-1244 HIGH This Week

Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Command Injection Idrac7 Firmware Idrac8 Firmware Idrac9 Firmware
NVD
CVSS 3.0
8.8
EPSS
3.5%
CVE-2018-1243 HIGH This Week

Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Idrac6 Firmware Idrac7 Firmware Idrac8 Firmware +1
NVD
CVSS 3.0
7.5
EPSS
1.8%
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell Integrated Dell Remote Access Controller 9, 14G versions prior to 7.00.00.181, 15G and 16G versions 6.10.80.00 through 7.20.10.50 and Dell Integrated Dell Remote Access Controller 10, 17G. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Path Traversal Authentication Bypass +2
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Dell PowerEdge Server BIOS and Dell iDRAC9, all versions, contains an Information Disclosure vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Information Disclosure Poweredge R770 Firmware +111
NVD
EPSS 2% CVSS 10.0
CRITICAL PATCH Act Now

Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00, contain an improper authentication vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Dell Authentication Bypass Idrac9 Firmware
NVD
EPSS 1% CVSS 2.7
LOW Monitor

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain an improper authentication vulnerability. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Authentication Bypass Idrac9 Firmware
NVD
EPSS 1% CVSS 4.8
MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple stored cross-site scripting vulnerabilities. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell XSS Idrac9 Firmware
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.40.10.00 contain multiple stored cross-site scripting vulnerabilities. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell XSS Idrac9 Firmware
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell XSS Idrac9 Firmware
NVD
EPSS 1% CVSS 8.1
HIGH This Week

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a stack-based overflow vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Dell Stack Overflow +1
NVD
EPSS 1% CVSS 7.1
HIGH This Week

Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Dell Information Disclosure Idrac9 Firmware
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain a reflected cross-site scripting vulnerability in the iDRAC9 web application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Dell Idrac9 Firmware
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Path Traversal Idrac9 Firmware
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Stack Overflow +4
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Dell EMC iDRAC7 versions prior to 2.65.65.65, iDRAC8 versions prior to 2.70.70.70 and iDRAC9 versions prior to 3.36.36.36 contain an improper authorization vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Idrac7 Firmware +2
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Dell EMC iDRAC9 versions prior to 3.30.30.30 contain an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Idrac9 Firmware
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Dell EMC iDRAC9 versions prior to 3.24.24.24, 3.21.26.22, 3.22.22.22 and 3.21.25.22 contain an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dell Idrac9 Firmware
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

Dell EMC iDRAC6 versions prior to 2.92, iDRAC7/iDRAC8 versions prior to 2.61.60.60, and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 and 3.23.23.23 contain a stack-based buffer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Dell RCE +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Dell +3
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

Dell EMC iDRAC9 versions prior to 3.21.21.21 did not enforce the use of TLS/SSL for a connection to iDRAC web server for certain URLs. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Dell Information Disclosure Idrac9 Firmware
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Command Injection Idrac7 Firmware +2
NVD
EPSS 2% CVSS 7.5
HIGH This Week

Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Dell Information Disclosure Idrac6 Firmware +3
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy