ID CVE-2018-15774 Type cve Reporter secure@dell.com Modified 2019-10-09T23:35:00
Description
Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the Redfish interface to gain administrator access.
{"nessus": [{"lastseen": "2022-04-12T17:06:56", "description": "The remote host is running iDRAC7 or iDRAC8 with a firmware version prior to 2.61.60.60, or iDRAC9 with a firmware version prior to 3.20.21.20, 3.21.24.22, 3.21.26.22 or 3.23.23.23 and is therefore affected by the following vulnerabilities:\n\n - An elevation of privilege vulnerability exists in Redfish interface. An authenticated, attacker can exploit, via a permissions check flaw, to gain elevated privileges.\n (CVE-2018-15774)\n\n - A flaw exists in iDRAC7 / iDRAC8 due to improper handling of an error. A unauthenticated, remote attacker can exploit this to gain access to a u-boot shell. (CVE-2018-15776)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-12-21T00:00:00", "type": "nessus", "title": "Dell iDRAC Products Multiple Vulnerabilities (December 2018)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-15774", "CVE-2018-15776"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/h:dell:remote_access_card", "cpe:/h:dell:idrac7", "cpe:/h:dell:idrac8", "cpe:/h:dell:idrac9"], "id": "DRAC_2018_12_13.NASL", "href": "https://www.tenable.com/plugins/nessus/119833", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(119833);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\"CVE-2018-15774\", \"CVE-2018-15776\");\n script_bugtraq_id(106233);\n script_xref(name:\"IAVA\", value:\"2018-A-0412-S\");\n\n script_name(english:\"Dell iDRAC Products Multiple Vulnerabilities (December 2018)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running iDRAC7 or iDRAC8 with a firmware version\nprior to 2.61.60.60, or iDRAC9 with a firmware version prior to\n3.20.21.20, 3.21.24.22, 3.21.26.22 or 3.23.23.23 and is therefore\naffected by the following vulnerabilities:\n\n - An elevation of privilege vulnerability exists in Redfish\n interface. An authenticated, attacker can exploit, via a\n permissions check flaw, to gain elevated privileges.\n (CVE-2018-15774)\n\n - A flaw exists in iDRAC7 / iDRAC8 due to improper handling of\n an error. A unauthenticated, remote attacker can exploit this\n to gain access to a u-boot shell. (CVE-2018-15776)\");\n # https://www.dell.com/support/article/us/en/04/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?751fcfbd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the remote host to iDRAC7/iDRAC8 firmware 2.61.60.60, or\niDRAC9 firmware 3.20.21.20, 3.21.24.22, 3.21.26.22, 3.23.23.23 or\nhigher.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15774\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/12/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:dell:remote_access_card\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:dell:idrac7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:dell:idrac8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:dell:idrac9\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"drac_detect.nasl\");\n script_require_keys(\"installed_sw/iDRAC\");\n script_require_ports(\"Services/www\", 443);\n\n exit(0);\n}\n\ninclude(\"vcf.inc\");\ninclude(\"vcf_extras.inc\");\ninclude(\"http.inc\");\n\nport = get_http_port(default:443, embedded:TRUE);\n\napp_info = vcf::idrac::get_app_info(port:port);\n\nconstraints = [\n {\"idrac\":\"7\", \"min_version\":\"1.0\", \"fixed_version\":\"2.61.60.60\"},\n {\"idrac\":\"8\", \"min_version\":\"1.0\", \"fixed_version\":\"2.61.60.60\"},\n {\"idrac\":\"9\", \"min_version\":\"1.0\", \"fixed_version\":\"3.20.21.20\"},\n {\"idrac\":\"9\", \"min_version\":\"3.21.00.00\", \"fixed_version\":\"3.21.24.22\"},\n {\"idrac\":\"9\", \"min_version\":\"3.21.25.00\", \"fixed_version\":\"3.21.26.22\"},\n {\"idrac\":\"9\", \"min_version\":\"3.22.00.00\", \"fixed_version\":\"3.23.23.23\"}\n];\n\nvcf::idrac::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);\n", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}]}
