CVE-2018-1207

🗓️ 23 Mar 2018 14:00:00Reported by dellType

cve🔗 web.nvd.nist.gov👁 146 Views🌐 WEB

Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, CGI injection vulnerability

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2018-1207	17 Apr 202521:02	–	circl
CNVD	Dell EMC iDRAC7 and iDRAC8 Code Execution Vulnerabilities	27 Mar 201800:00	–	cnvd
Cvelist	CVE-2018-1207	23 Mar 201814:00	–	cvelist
Tenable Nessus	Dell iDRAC Products Multiple Vulnerabilities (Mar 2018)	20 Apr 201800:00	–	nessus
Tenable Nessus	Dell EMC Code Injection (CVE-2018-1207)	17 Jan 202400:00	–	nessus
Exploit DB	Dell EMC iDRAC7/iDRAC8 2.52.52.52 - Remote Code Execution (RCE)	16 Apr 202500:00	–	exploitdb
canvas	Immunity Canvas: IDRAC_APPWEB_RCE	23 Mar 201814:29	–	canvas
Nuclei	Dell iDRAC7/8 Devices - Remote Code Injection	1 Jun 202605:38	–	nuclei
NVD	CVE-2018-1207	23 Mar 201814:29	–	nvd
Packet Storm	📄 Dell EMC iDRAC7/iDRAC8 2.52.52.52 Remote Code Execution	16 Apr 202500:00	–	packetstorm

NVD

Node

dell emc_idrac7Range<2.52.52.52

dell emc_idrac8Range<2.52.52.52

Source	Link
twitter	www.twitter.com/nicowaisman/status/977279766792466432
en	www.en.community.dell.com/techcenter/extras/m/white_papers/20485410
securityfocus	www.securityfocus.com/bid/103694

Parameter	Position	Path	Description	CWE
LD_DEBUG	query param	cgi-bin/login	Vulnerable CGI endpoint used to verify vulnerability via LD_DEBUG parameter in URL	CWE-94
binary payload	binary	cgi-bin/putfile	CGI file upload endpoint used to upload a shared library for remote code execution	CWE-94
LD_PRELOAD	query param	cgi-bin/discover	Endpoint used to trigger execution of uploaded library via LD_PRELOAD	CWE-94

21 Nov 2024 03:59Current

9.6High risk

Vulners AI Score9.6

CVSS 27.5

CVSS 39.8

EPSS0.9379