Lucene search

DellCVELIST:CVE-2018-1243

HistoryJun 26, 2018 - 12:00 a.m.

CVE-2018-1243 iDRAC6/iDRAC7/iDRAC8 - Weak CGI session ID vulnerability

2018-06-2600:00:00

dell

www.cve.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.1%

JSON

Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to perform bruteforce session guessing attacks.

CNA Affected

[
  {
    "product": "iDRAC6",
    "vendor": "Dell EMC",
    "versions": [
      {
        "lessThan": "2.91",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "iDRAC7",
    "vendor": "Dell EMC",
    "versions": [
      {
        "lessThan": "2.60.60.60",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "iDRAC8",
    "vendor": "Dell EMC",
    "versions": [
      {
        "lessThan": "2.60.60.60",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

en.community.dell.com/techcenter/extras/m/white_papers/20487494

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.1%

JSON

Related for CVELIST:CVE-2018-1243