VAR-201807-1252

Vulnerability from variot - Updated: 2023-12-18 13:33

Dell EMC iDRAC6 (versions prior to 2.91), iDRAC7/iDRAC8 (versions prior to 2.60.60.60) and iDRAC9 (versions prior to 3.21.21.21) contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to perform brute-force session-guessing attacks. Multiple Dell iDRAC products contain a vulnerability related to security checks; information may be obtained. Dell EMC iDRAC6 and the other affected products are system management solutions from Dell, including hardware and software. They provide functions such as remote management, crash recovery and power control for Dell PowerEdge systems. Attackers can exploit this vulnerability to perform brute-force attacks on user sessions. Per the version ranges in this record, firmware at or above 2.91 (iDRAC6), 2.60.60.60 (iDRAC7/iDRAC8) or 3.21.21.21 (iDRAC9) is outside the affected range.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201807-1252",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "idrac6",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "dell",
        "version": "2.91"
      },
      {
        "model": "idrac7",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "dell",
        "version": "2.60.60.60"
      },
      {
        "model": "idrac8",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "dell",
        "version": "2.60.60.60"
      },
      {
        "model": "idrac9",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "dell",
        "version": "3.21.21.21"
      },
      {
        "model": "idrac7",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "dell",
        "version": "1.10.10"
      },
      {
        "model": "idrac7",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "dell",
        "version": "1.23.23"
      },
      {
        "model": "idrac7",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "dell",
        "version": "1.00.00"
      },
      {
        "model": "idrac6",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "dell",
        "version": "1.7"
      },
      {
        "model": "idrac7",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "dell",
        "version": "1.40.40"
      },
      {
        "model": "idrac7",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "dell",
        "version": "1.06.06"
      },
      {
        "model": "idrac7",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "dell",
        "version": "1.20.20"
      },
      {
        "model": "idrac7",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "dell",
        "version": "1.37.35"
      },
      {
        "model": "idrac6",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "dell",
        "version": "1.8"
      },
      {
        "model": "idrac6",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "dell",
        "version": "1.95"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007907"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1243"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-058"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:dell:idrac6_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.91",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:dell:idrac9_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.21.21.21",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:dell:idrac8_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.60.60.60",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:dell:idrac7_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.60.60.60",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-1243"
      }
    ]
  },
  "cve": "CVE-2018-1243",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2018-1243",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-122388",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "security_alert@emc.com",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.6,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2018-1243",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2018-1243",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "security_alert@emc.com",
            "id": "CVE-2018-1243",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201807-058",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-122388",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-1243",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122388"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1243"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007907"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1243"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1243"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-058"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dell EMC iDRAC6 (versions prior to 2.91), iDRAC7/iDRAC8 (versions prior to 2.60.60.60) and iDRAC9 (versions prior to 3.21.21.21) contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to perform brute-force session-guessing attacks. Multiple Dell iDRAC products contain a vulnerability related to security checks; information may be obtained. Dell EMC iDRAC6 and the other affected products are system management solutions from Dell, including hardware and software. They provide functions such as remote management, crash recovery and power control for Dell PowerEdge systems. Attackers can exploit this vulnerability to perform brute-force attacks on user sessions.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-1243"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007907"
      },
      {
        "db": "VULHUB",
        "id": "VHN-122388"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1243"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-1243",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007907",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-058",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-122388",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1243",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122388"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1243"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007907"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1243"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-058"
      }
    ]
  },
  "id": "VAR-201807-1252",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122388"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:33:47.911000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "iDRAC9 Home",
        "trust": 0.8,
        "url": "https://www.dell.com/support/article/jp/ja/jpdhs1/sln311300/idrac9-home?lang=ja"
      },
      {
        "title": "Multiple Dell Product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=81664"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/chnzzh/idrac-cve-lib "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2018-1243"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007907"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-058"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-358",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122388"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007907"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1243"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1243"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1243"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/358.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/chnzzh/idrac-cve-lib"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122388"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1243"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007907"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1243"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-058"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-122388"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1243"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007907"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1243"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-058"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-07-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-122388"
      },
      {
        "date": "2018-07-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-1243"
      },
      {
        "date": "2018-10-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-007907"
      },
      {
        "date": "2018-07-02T17:29:00.347000",
        "db": "NVD",
        "id": "CVE-2018-1243"
      },
      {
        "date": "2018-07-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201807-058"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-122388"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-1243"
      },
      {
        "date": "2018-10-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-007907"
      },
      {
        "date": "2019-10-09T23:38:16.460000",
        "db": "NVD",
        "id": "CVE-2018-1243"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201807-058"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-058"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vulnerabilities related to security checks in multiple Dell iDRAC products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-007907"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "security feature problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201807-058"
      }
    ],
    "trust": 0.6
  }
}

