CVE-2018-1243

HIGH

Dell EMC iDRAC6 <2.91 - iDRAC7/iDRAC8 <2.60.60.60 - iDRAC9 <3.21.21...

Title source: llm

Description

Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to perform bruteforce session guessing attacks.

References (1)

[Vendor Advisory] http://en.community.dell.com/techcenter/extras/m/white_papers/20487494

Scores

CVSS v3 7.5

EPSS 0.0059

EPSS Percentile 69.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-358

Status published

Products (4)

dell/idrac6_firmware < 2.91

dell/idrac7_firmware < 2.60.60.60

dell/idrac8_firmware < 2.60.60.60

dell/idrac9_firmware < 3.21.21.21

Published Jul 02, 2018

Tracked Since Feb 18, 2026