Dell iDRAC6 CVE-2015-7274 Arbitrary Command Execution Vulnerability

Dell iDRAC6 is prone to a vulnerability that let attackers execute arbitrary commands.

Successful exploits will allow attackers to execute arbitrary commands in the context of the affected application. This may further aid in other attacks.

Versions prior to Dell iDRAC6 2.80 are vulnerable.

Information

Bugtraq ID: 97546
Class: Input Validation Error
CVE: CVE-2015-7274

Remote: Yes
Local: No
Published: Apr 09 2017 12:00AM
Updated: Apr 09 2017 12:00AM
Credit: The vendor reported this issue.
Vulnerable: Dell iDRAC6 1.95
Dell iDRAC6 1.7
Dell iDRAC6 1.41

Not Vulnerable: Dell iDRAC6 2.80

References:

• iDRAC6 Homepage (Dell)
  
• Dell iDRAC Response to CVE (Common Vulnerabilities and Exposures) ID CVE-2015-72 (dell)
  

Source: www.securityfocus.com