CVE-2018-1243

Summary

Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to perform bruteforce session guessing attacks.

Affected Software

VendorProductVersion RangeStatus
Dell EMCiDRAC6unspecified < 2.91affected
Dell EMCiDRAC7unspecified < 2.60.60.60affected
Dell EMCiDRAC8unspecified < 2.60.60.60affected

Weaknesses

  • Weak CGI session ID vulnerability.

ADP Enrichment

CVE Program Container

Additional References

References