CVE-2018-1243

Published: Jul 2, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to perform bruteforce session guessing attacks.

Affected (4)

Products: Dell: Idrac6 Firmware, Idrac7 Firmware, Idrac8 Firmware, Idrac9 Firmware

4 products

Idrac6 Firmware

Idrac7 Firmware

Idrac8 Firmware

Idrac9 Firmware

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Dell Idrac6 Firmware	Before 2.91
Dell Idrac7 Firmware	Before 2.60.60.60
Dell Idrac8 Firmware	Before 2.60.60.60
Dell Idrac9 Firmware	Before 3.21.21.21

Related CWEs

Improperly Implemented Security Check for Standard

The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.

References (2)

http://en.community.dell.com/techcenter/extras/m/white_papers/20487494

Source: security_alert@emc.com

Vendor Advisory

http://en.community.dell.com/techcenter/extras/m/white_papers/20487494

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.