Vulnerability Details CVE-2018-1211
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in their Web server's URI parser, which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings from the iDRAC by querying specific URI strings.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.1%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
Products affected by CVE-2018-1211
- cpe:2.3:a:dell:emc_idrac7:2.01.00.01
- cpe:2.3:a:dell:emc_idrac7:2.02.01.01
- cpe:2.3:a:dell:emc_idrac7:2.10.10.10
- cpe:2.3:a:dell:emc_idrac7:2.15.10.10
- cpe:2.3:a:dell:emc_idrac7:2.20.20.20
- cpe:2.3:a:dell:emc_idrac7:2.21.21.21
- cpe:2.3:a:dell:emc_idrac7:2.22.22.22
- cpe:2.3:a:dell:emc_idrac7:2.23.23.21
- cpe:2.3:a:dell:emc_idrac7:2.30.30.30
- cpe:2.3:a:dell:emc_idrac7:2.35.35.35
- cpe:2.3:a:dell:emc_idrac7:2.40.40.40
- cpe:2.3:a:dell:emc_idrac7:2.41.40.40
- cpe:2.3:a:dell:emc_idrac7:2.43.43.43
- cpe:2.3:a:dell:emc_idrac7:2.45.45.40
- cpe:2.3:a:dell:emc_idrac7:2.50.50.50
- cpe:2.3:a:dell:emc_idrac8:2.01.00.01
- cpe:2.3:a:dell:emc_idrac8:2.02.01.01
- cpe:2.3:a:dell:emc_idrac8:2.10.10.10
- cpe:2.3:a:dell:emc_idrac8:2.15.10.10
- cpe:2.3:a:dell:emc_idrac8:2.20.20.20
- cpe:2.3:a:dell:emc_idrac8:2.21.21.21
- cpe:2.3:a:dell:emc_idrac8:2.22.22.22
- cpe:2.3:a:dell:emc_idrac8:2.23.23.21
- cpe:2.3:a:dell:emc_idrac8:2.30.30.30
- cpe:2.3:a:dell:emc_idrac8:2.35.35.35
- cpe:2.3:a:dell:emc_idrac8:2.40.40.40
- cpe:2.3:a:dell:emc_idrac8:2.41.40.40
- cpe:2.3:a:dell:emc_idrac8:2.43.43.43
- cpe:2.3:a:dell:emc_idrac8:2.45.45.40
- cpe:2.3:a:dell:emc_idrac8:2.50.50.50