PT-2020-06: Local file reading in iDRAC

iDRAC (versions before


Severity level: High
Impact: Local file reading in iDRAC
Access Vector: Remote

CVSS v3.1: Base 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

CVE: CVE-2020-5366

Vulnerability description:

A vulnerability in iDRAC versions prior to allows low-privileged users to gain unauthorized read access to arbitrary files on the system and potentially obtain administrative privileges.

Advisory status:

March 12, 2020 - Vendor notification date
July 7, 2020 - Security advisory publication date (


The vulnerability was discovered by Georgy Kiguradze and Mark Ermolov, Positive Technologies