CVE-2018-1211
https://notcve.org/view.php?id=CVE-2018-1211
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server's URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings from the iDRAC by querying specific URI strings. Dell EMC iDRAC7/iDRAC8, en versiones anteriores a la 2.52.52.52, contiene una vulnerabilidad de salto de directorio en su analizador URI del servidor web que podría utilizarse para obtener información sensible específica sin autenticación. Un atacante remoto no autenticado podría leer los ajustes de configuración del iDRAC consultando cadenas URI específicas. • http://en.community.dell.com/techcenter/extras/m/white_papers/20485410 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2018-1207
https://notcve.org/view.php?id=CVE-2018-1207
Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code. Dell EMC iDRAC7/iDRAC8, en versiones anteriores a la 2.52.52.52, contiene una vulnerabilidad de inyección CGI que podría utilizarse para ejecutar código remoto. Un atacante remoto no autenticado podría utilizar variables CGI para ejecutar código remoto. • https://github.com/un4gi/CVE-2018-1207 http://en.community.dell.com/techcenter/extras/m/white_papers/20485410 http://www.securityfocus.com/bid/103694 https://twitter.com/nicowaisman/status/977279766792466432 • CWE-94: Improper Control of Generation of Code ('Code Injection') •