CVE-2018-1244

Summary

Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. A remote authenticated malicious iDRAC user with configuration privileges could potentially exploit this vulnerability to execute arbitrary commands on the iDRAC where SNMP alerting is enabled.

Affected Software

VendorProductVersion RangeStatus
Dell EMCiDRAC7unspecified < 2.60.60.60affected
Dell EMCiDRAC8unspecified < 2.60.60.60affected
Dell EMCiDRAC9unspecified < 3.21.21.21affected

Weaknesses

  • Command injection vulnerability in the SNMP agent.

ADP Enrichment

CVE Program Container

Additional References

References