CVE-2018-1207

CRITICAL EXPLOITED NUCLEI

Dell Emc Idrac7 < 2.52.52.52 - Code Injection

Title source: rule

Description

Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code.

Exploits (5)

exploitdb WORKING POC

by Photubias · pythonremotehardware

https://www.exploit-db.com/exploits/52246

View Code ZIP pw:eip

nomisec WORKING POC 16 stars

by mgargiullo · remote

https://github.com/mgargiullo/cve-2018-1207

View Code ZIP pw:eip

nomisec WORKING POC

by theinkbit · poc

https://github.com/theinkbit/CVE-2018-1207

View Code ZIP pw:eip

nomisec WORKING POC

by hironull · remote

https://github.com/hironull/CVE-2018-1207-better

View Code ZIP pw:eip

vulncheck_xdb

remote

https://github.com/SYNKTeam/CVE-2018-1207

View on vulncheck_xdb

Nuclei Templates (1)

Dell iDRAC7/8 Devices - Remote Code Injection

CRITICALby dwisiswant0

References (3)

[Vendor Advisory] http://en.community.dell.com/techcenter/extras/m/white_papers/20485410

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/103694

[Third Party Advisory] https://twitter.com/nicowaisman/status/977279766792466432

Scores

CVSS v3 9.8

EPSS 0.9379

EPSS Percentile 99.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2024-04-15

CWE

CWE-94

Status published

Products (2)

dell/emc_idrac7 < 2.52.52.52

dell/emc_idrac8 < 2.52.52.52

Published Mar 23, 2018

Tracked Since Feb 18, 2026