CVE-2018-1207

Published: Mar 23, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code.

Affected (2)

Products: Dell: Emc Idrac7, Emc Idrac8

Dell

2 products

Emc Idrac7

Emc Idrac8

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Dell Emc Idrac7	Before 2.52.52.52
Dell Emc Idrac8	Before 2.52.52.52

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (6)

http://en.community.dell.com/techcenter/extras/m/white_papers/20485410

Source: security_alert@emc.com

Vendor Advisory

http://www.securityfocus.com/bid/103694

Source: security_alert@emc.com

Third Party AdvisoryVDB Entry

https://twitter.com/nicowaisman/status/977279766792466432

Source: security_alert@emc.com

Third Party Advisory

http://en.community.dell.com/techcenter/extras/m/white_papers/20485410

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/103694

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://twitter.com/nicowaisman/status/977279766792466432

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.