CVE-2018-1212
8.8
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute arbitrary commands as root on the affected iDRAC system.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Dell EMC | iDRAC6 (Monolithic) | unspecified < 2.91 | affected |
| Dell EMC | iDRAC6 (Modular) | unspecified <= 3.85 | affected |
Weaknesses
- Authenticated remote code execution command injection vulnerability.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.