CVE-2018-1212

Summary

The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute arbitrary commands as root on the affected iDRAC system.

Affected Software

VendorProductVersion RangeStatus
Dell EMCiDRAC6 (Monolithic)unspecified < 2.91affected
Dell EMCiDRAC6 (Modular)unspecified <= 3.85affected

Weaknesses

  • Authenticated remote code execution command injection vulnerability.

ADP Enrichment

CVE Program Container

Additional References

References