A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system.
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HDell Idrac8
APPDell< 2.85.85.85
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Related vulnerabilities
CVE-2020-5344HIGH7.0ten sam produkt
Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based ...
CVE-2016-5685HIGH8.8ten sam produkt
Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bash shell ac...
CVE-2022-34436LOW2.7ten sam produkt
Dell iDRAC8 version 2.83.83.83 and prior contain an improper input validation vulnerability in Racadm when th...
CVE-2026-22769CRITICAL10.0⚠ KEVPL ✓ten sam vendor
Dell RecoverPoint for VMs — zahardkodowane dane uwierzytelniające (RCE, root)
CVE-2026-41120CRITICAL9.8PL ✓ten sam vendor
RCE w Dell Wyse Management Suite — akceptacja niezaufanych danych