Vulnerability Details CVE-2018-1207
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.938
EPSS Ranking 99.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://en.community.dell.com/techcenter/extras/m/white_papers/20485410
- http://www.securityfocus.com/bid/103694
- https://twitter.com/nicowaisman/status/977279766792466432
- http://en.community.dell.com/techcenter/extras/m/white_papers/20485410
- http://www.securityfocus.com/bid/103694
- https://twitter.com/nicowaisman/status/977279766792466432
Products affected by CVE-2018-1207
-
cpe:2.3:a:dell:emc_idrac7:2.01.00.01
-
cpe:2.3:a:dell:emc_idrac7:2.02.01.01
-
cpe:2.3:a:dell:emc_idrac7:2.10.10.10
-
cpe:2.3:a:dell:emc_idrac7:2.15.10.10
-
cpe:2.3:a:dell:emc_idrac7:2.20.20.20
-
cpe:2.3:a:dell:emc_idrac7:2.21.21.21
-
cpe:2.3:a:dell:emc_idrac7:2.22.22.22
-
cpe:2.3:a:dell:emc_idrac7:2.23.23.21
-
cpe:2.3:a:dell:emc_idrac7:2.30.30.30
-
cpe:2.3:a:dell:emc_idrac7:2.35.35.35
-
cpe:2.3:a:dell:emc_idrac7:2.40.40.40
-
cpe:2.3:a:dell:emc_idrac7:2.41.40.40
-
cpe:2.3:a:dell:emc_idrac7:2.43.43.43
-
cpe:2.3:a:dell:emc_idrac7:2.45.45.40
-
cpe:2.3:a:dell:emc_idrac7:2.50.50.50
-
cpe:2.3:a:dell:emc_idrac8:2.01.00.01
-
cpe:2.3:a:dell:emc_idrac8:2.02.01.01
-
cpe:2.3:a:dell:emc_idrac8:2.10.10.10
-
cpe:2.3:a:dell:emc_idrac8:2.15.10.10
-
cpe:2.3:a:dell:emc_idrac8:2.20.20.20
-
cpe:2.3:a:dell:emc_idrac8:2.21.21.21
-
cpe:2.3:a:dell:emc_idrac8:2.22.22.22
-
cpe:2.3:a:dell:emc_idrac8:2.23.23.21
-
cpe:2.3:a:dell:emc_idrac8:2.30.30.30
-
cpe:2.3:a:dell:emc_idrac8:2.35.35.35
-
cpe:2.3:a:dell:emc_idrac8:2.40.40.40
-
cpe:2.3:a:dell:emc_idrac8:2.41.40.40
-
cpe:2.3:a:dell:emc_idrac8:2.43.43.43
-
cpe:2.3:a:dell:emc_idrac8:2.45.45.40
-
cpe:2.3:a:dell:emc_idrac8:2.50.50.50