Search criteria
6 vulnerabilities found for emc_idrac7 by dell
FKIE_CVE-2018-1211
Vulnerability from fkie_nvd - Published: 2018-03-23 14:29 - Updated: 2024-11-21 03:59
Severity ?
Summary
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server's URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings from the iDRAC by querying specific URI strings.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | emc_idrac7 | * | |
| dell | emc_idrac8 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:emc_idrac7:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E41F5175-E4C0-40BC-A7AD-F0681CED1B35",
"versionEndExcluding": "2.52.52.52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_idrac8:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB163F4-B9BB-4360-ADE0-402FB95C52CB",
"versionEndExcluding": "2.52.52.52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server\u0027s URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings from the iDRAC by querying specific URI strings."
},
{
"lang": "es",
"value": "Dell EMC iDRAC7/iDRAC8, en versiones anteriores a la 2.52.52.52, contiene una vulnerabilidad de salto de directorio en su analizador URI del servidor web que podr\u00eda utilizarse para obtener informaci\u00f3n sensible espec\u00edfica sin autenticaci\u00f3n. Un atacante remoto no autenticado podr\u00eda leer los ajustes de configuraci\u00f3n del iDRAC consultando cadenas URI espec\u00edficas."
}
],
"id": "CVE-2018-1211",
"lastModified": "2024-11-21T03:59:23.897",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-23T14:29:00.353",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20485410"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20485410"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-1207
Vulnerability from fkie_nvd - Published: 2018-03-23 14:29 - Updated: 2024-11-21 03:59
Severity ?
Summary
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code.
References
| URL | Tags | ||
|---|---|---|---|
| security_alert@emc.com | http://en.community.dell.com/techcenter/extras/m/white_papers/20485410 | Vendor Advisory | |
| security_alert@emc.com | http://www.securityfocus.com/bid/103694 | Third Party Advisory, VDB Entry | |
| security_alert@emc.com | https://twitter.com/nicowaisman/status/977279766792466432 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://en.community.dell.com/techcenter/extras/m/white_papers/20485410 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103694 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://twitter.com/nicowaisman/status/977279766792466432 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dell | emc_idrac7 | * | |
| dell | emc_idrac8 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:emc_idrac7:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E41F5175-E4C0-40BC-A7AD-F0681CED1B35",
"versionEndExcluding": "2.52.52.52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dell:emc_idrac8:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB163F4-B9BB-4360-ADE0-402FB95C52CB",
"versionEndExcluding": "2.52.52.52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code."
},
{
"lang": "es",
"value": "Dell EMC iDRAC7/iDRAC8, en versiones anteriores a la 2.52.52.52, contiene una vulnerabilidad de inyecci\u00f3n CGI que podr\u00eda utilizarse para ejecutar c\u00f3digo remoto. Un atacante remoto no autenticado podr\u00eda utilizar variables CGI para ejecutar c\u00f3digo remoto."
}
],
"id": "CVE-2018-1207",
"lastModified": "2024-11-21T03:59:23.730",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-23T14:29:00.277",
"references": [
{
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
],
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20485410"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103694"
},
{
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/nicowaisman/status/977279766792466432"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20485410"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/103694"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/nicowaisman/status/977279766792466432"
}
],
"sourceIdentifier": "security_alert@emc.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-1207 (GCVE-0-2018-1207)
Vulnerability from cvelistv5 – Published: 2018-03-23 14:00 – Updated: 2024-08-05 03:51
VLAI?
Summary
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20485410"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/nicowaisman/status/977279766792466432"
},
{
"name": "103694",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103694"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-10T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20485410"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/nicowaisman/status/977279766792466432"
},
{
"name": "103694",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103694"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2018-1207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://en.community.dell.com/techcenter/extras/m/white_papers/20485410",
"refsource": "MISC",
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20485410"
},
{
"name": "https://twitter.com/nicowaisman/status/977279766792466432",
"refsource": "MISC",
"url": "https://twitter.com/nicowaisman/status/977279766792466432"
},
{
"name": "103694",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103694"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-1207",
"datePublished": "2018-03-23T14:00:00",
"dateReserved": "2017-12-06T00:00:00",
"dateUpdated": "2024-08-05T03:51:48.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1211 (GCVE-0-2018-1211)
Vulnerability from cvelistv5 – Published: 2018-03-23 14:00 – Updated: 2024-09-16 20:22
VLAI?
Summary
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server's URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings from the iDRAC by querying specific URI strings.
Severity ?
No CVSS data available.
CWE
- path traversal vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell EMC | iDRAC7/iDRAC8 |
Affected:
versions prior to 2.52.52.52
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20485410"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iDRAC7/iDRAC8",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "versions prior to 2.52.52.52"
}
]
}
],
"datePublic": "2018-03-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server\u0027s URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings from the iDRAC by querying specific URI strings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "path traversal vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-23T13:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20485410"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-03-20T00:00:00",
"ID": "CVE-2018-1211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iDRAC7/iDRAC8",
"version": {
"version_data": [
{
"version_value": "versions prior to 2.52.52.52"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server\u0027s URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings from the iDRAC by querying specific URI strings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "path traversal vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://en.community.dell.com/techcenter/extras/m/white_papers/20485410",
"refsource": "MISC",
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20485410"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-1211",
"datePublished": "2018-03-23T14:00:00Z",
"dateReserved": "2017-12-06T00:00:00",
"dateUpdated": "2024-09-16T20:22:05.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1207 (GCVE-0-2018-1207)
Vulnerability from nvd – Published: 2018-03-23 14:00 – Updated: 2024-08-05 03:51
VLAI?
Summary
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20485410"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/nicowaisman/status/977279766792466432"
},
{
"name": "103694",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/103694"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-03-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-10T09:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20485410"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/nicowaisman/status/977279766792466432"
},
{
"name": "103694",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/103694"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2018-1207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://en.community.dell.com/techcenter/extras/m/white_papers/20485410",
"refsource": "MISC",
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20485410"
},
{
"name": "https://twitter.com/nicowaisman/status/977279766792466432",
"refsource": "MISC",
"url": "https://twitter.com/nicowaisman/status/977279766792466432"
},
{
"name": "103694",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103694"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-1207",
"datePublished": "2018-03-23T14:00:00",
"dateReserved": "2017-12-06T00:00:00",
"dateUpdated": "2024-08-05T03:51:48.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1211 (GCVE-0-2018-1211)
Vulnerability from nvd – Published: 2018-03-23 14:00 – Updated: 2024-09-16 20:22
VLAI?
Summary
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server's URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings from the iDRAC by querying specific URI strings.
Severity ?
No CVSS data available.
CWE
- path traversal vulnerability
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Dell EMC | iDRAC7/iDRAC8 |
Affected:
versions prior to 2.52.52.52
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.979Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20485410"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "iDRAC7/iDRAC8",
"vendor": "Dell EMC",
"versions": [
{
"status": "affected",
"version": "versions prior to 2.52.52.52"
}
]
}
],
"datePublic": "2018-03-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server\u0027s URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings from the iDRAC by querying specific URI strings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "path traversal vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-23T13:57:01",
"orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"shortName": "dell"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20485410"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-03-20T00:00:00",
"ID": "CVE-2018-1211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iDRAC7/iDRAC8",
"version": {
"version_data": [
{
"version_value": "versions prior to 2.52.52.52"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server\u0027s URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings from the iDRAC by querying specific URI strings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "path traversal vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://en.community.dell.com/techcenter/extras/m/white_papers/20485410",
"refsource": "MISC",
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20485410"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
"assignerShortName": "dell",
"cveId": "CVE-2018-1211",
"datePublished": "2018-03-23T14:00:00Z",
"dateReserved": "2017-12-06T00:00:00",
"dateUpdated": "2024-09-16T20:22:05.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}