PT-2020-06: Local file reading in iDRAC iDRAC (versions before 4.20.20.20)Severity:Severity level: High Impact: Local file reading in iDRAC Access Vector: RemoteCVSS v3.1: Base 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:LCVE: CVE-2020-5366Vulnerability description:A vulnerability in iDRAC versions prior to 4.20.20.20 allows low-privileged users to gain unauthorized read access to arbitrary files on the system and potentially obtain administrative privileges.Advisory status:March 12, 2020 - Vendor notification date July 7, 2020 - Security advisory publication date (https://www.dell.com/support/article/en-us/sln322125/dsa-2020-128-idrac-local-file-inclusion-vulnerability?lang=en) Credits:The vulnerability was discovered by Georgy Kiguradze and Mark Ermolov, Positive Technologies