1 Rookie
•
1 Message
0
332
December 2nd, 2024 08:33
Is Dell iDrac affetcted by vulnerability: CVE-2024-39894?
Hello,
Could you please let me know of iDrac is affected by vulnerability: CVE-2024-39894?
Description: OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.
Thank you,
No Events found!
DELL-Marco B
Moderator
•
3.8K Posts
0
December 2nd, 2024 13:41
Hello,
Based on the information available, Dell iDRAC does not appear to be affected by the specific vulnerability CVE-2024-39894. This vulnerability pertains to OpenSSH versions 9.5 through 9.7 and involves timing attacks against echo-off password entry12.
However, Dell iDRAC has been affected by other vulnerabilities, such as CVE-2024-38433, which involves a different security issue12.
If you have any further questions or need assistance with anything else, feel free to ask!