CVE-2018-1212
Authenticated remote code execution in iDRAC 6
Severity Score
8.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute arbitrary commands as root on the affected iDRAC system.
La consola web de diagnóstico en Dell EMC iDRAC6 (versiones Monolithic anteriores a la 2.91 y Modular en todas las versiones) contiene una vulnerabilidad de inyección de comandos. Un usuario iDRAC autenticado, remoto y malicioso con acceso a la consola de diagnóstico podría explotar esta vulnerabilidad para ejecutar comandos arbitrarios como root en el sistema iDRAC afectado.
*Credits:
Dell EMC would like to thank Arseniy for reporting this issue to us.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-12-06 CVE Reserved
- 2018-07-02 CVE Published
- 2024-08-21 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://en.community.dell.com/techcenter/extras/m/white_papers/20487494 | 2019-10-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Dell Search vendor "Dell" | Idrac6 Modular Search vendor "Dell" for product "Idrac6 Modular" | * | - |
Affected
| ||||||
| Dell Search vendor "Dell" | Idrac6 Monolithic Search vendor "Dell" for product "Idrac6 Monolithic" | < 2.91 Search vendor "Dell" for product "Idrac6 Monolithic" and version " < 2.91" | - |
Affected
| ||||||