CVE-2018-1243

🗓️ 02 Jul 2018 17:00:00Reported by dellType

Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to perform bruteforce session guessing attacks

Reporter	Title	Published	Views	Family All 7
CNVD	Multiple Dell Products Brute Force Vulnerabilities	4 Jul 201800:00	–	cnvd
Cvelist	CVE-2018-1243 iDRAC6/iDRAC7/iDRAC8 - Weak CGI session ID vulnerability	2 Jul 201817:00	–	cvelist
Tenable Nessus	Dell iDRAC Products Multiple Vulnerabilities (June 2018)	9 Aug 201800:00	–	nessus
Tenable Nessus	Dell iDRAC6 Improperly Implemented Security Check for Standard (CVE-2018-1243)	17 Jan 202400:00	–	nessus
EUVD	EUVD-2018-11876	7 Oct 202500:30	–	euvd
NVD	CVE-2018-1243	2 Jul 201817:29	–	nvd
Prion	Spoofing	2 Jul 201817:29	–	prion

NVD

Vulners

Node

dell idrac6_firmwareRange<2.91

dell idrac7_firmwareRange<2.60.60.60

dell idrac8_firmwareRange<2.60.60.60

dell idrac9_firmwareRange<3.21.21.21

[
  {
    "product": "iDRAC6",
    "vendor": "Dell EMC",
    "versions": [
      {
        "lessThan": "2.91",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "iDRAC7",
    "vendor": "Dell EMC",
    "versions": [
      {
        "lessThan": "2.60.60.60",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "iDRAC8",
    "vendor": "Dell EMC",
    "versions": [
      {
        "lessThan": "2.60.60.60",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
en	www.en.community.dell.com/techcenter/extras/m/white_papers/20487494

21 Nov 2024 03:59Current

7.7High risk

Vulners AI Score7.7

CVSS 25

CVSS 37.5

EPSS0.00587

CWE-358