CVE-2024-25951


CVSS 8 HIGH | EPSS 0.8% | CWE-1288
In short

An authenticated user can inject malicious commands into RACADM (a Dell remote management tool) to take control of the underlying operating system. This is dangerous because someone with login credentials can bypass normal security restrictions and run unauthorized commands.

Technical detail

RACADM contains a command injection vulnerability (classified as CWE-1288) that allows authenticated users to execute arbitrary operating system commands. The attack requires valid credentials and can result in complete system compromise with OS-level privileges.

Summary generated and translated by AI from the official description.
A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system.
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
