CVE-2018-1243 iDRAC6/iDRAC7/iDRAC8 - Weak CGI session ID vulnerability

🗓️ 02 Jul 2018 17:00:00Reported by dellType

CVE-2018-1243 iDRAC6/iDRAC7/iDRAC8 Weak CGI session ID vulnerabilit

Reporter	Title	Published	Views	Family All 7
CNVD	Multiple Dell Products Brute Force Vulnerabilities	4 Jul 201800:00	–	cnvd
CVE	CVE-2018-1243	2 Jul 201817:00	–	cve
Tenable Nessus	Dell iDRAC Products Multiple Vulnerabilities (June 2018)	9 Aug 201800:00	–	nessus
Tenable Nessus	Dell iDRAC6 Improperly Implemented Security Check for Standard (CVE-2018-1243)	17 Jan 202400:00	–	nessus
EUVD	EUVD-2018-11876	7 Oct 202500:30	–	euvd
NVD	CVE-2018-1243	2 Jul 201817:29	–	nvd
Prion	Spoofing	2 Jul 201817:29	–	prion

[
  {
    "product": "iDRAC6",
    "vendor": "Dell EMC",
    "versions": [
      {
        "lessThan": "2.91",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "iDRAC7",
    "vendor": "Dell EMC",
    "versions": [
      {
        "lessThan": "2.60.60.60",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "iDRAC8",
    "vendor": "Dell EMC",
    "versions": [
      {
        "lessThan": "2.60.60.60",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
en	www.en.community.dell.com/techcenter/extras/m/white_papers/20487494

02 Jul 2018 16:57Current

7.7High risk

Vulners AI Score7.7

CVSS 37.5

EPSS0.00587