Dell EMC iDRAC Memory Corruption Vulnerability

A critical vulnerability has been identified in Dell EMC iDRAC7, iDRAC8 and iDRAC9.

The affected processing is unknown. Manipulation with an unknown input can lead to stack-based memory corruption.

The weakness is classified as CWE-121 (stack-based buffer overflow).

The vulnerability was disclosed on the 31st of March 2020 and is identified as CVE-2020-5344.

Since the 1st of April 2020, the attack can be launched remotely and no form of authentication is required for exploitation.

Whilst full technical details are not yet publicly available, we invite you to search for CVEs on our own in-house SCHAN project here:

https://www.hedgehogsecurity.co.uk/vulnerability-database/

Upgrading to version 2.65.65.65, 2.70.70.70 or 4.00.00.00 will eliminate this vulnerability.

If you would like some help or advice with this CVE or with vulnerability management, please feel free to contact our team at any time.