CVE-2018-1212
HIGH
Dell EMC iDRAC6 - Authenticated Command Injection via Web-Based Diagnostics Console
Title source: llm
Description
The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute arbitrary commands as root on the affected iDRAC system.
References (1)
Core References
Vendor Advisory x_refsource_confirm
http://en.community.dell.com/techcenter/extras/m/white_papers/20487494
Scores
CVSS v3
8.8
EPSS
0.0089
EPSS Percentile
75.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-77
Status
published
Products (2)
dell/idrac6_modular
dell/idrac6_monolithic < 2.91
Published
Jul 02, 2018
Tracked Since
Feb 18, 2026