Sign-up

ID

VAR-201803-1416


CVE

CVE-2018-1211


TITLE

Dell EMC iDRAC7 and iDRAC8 Path traversal vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-003352

DESCRIPTION

Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server's URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings from the iDRAC by querying specific URI strings. Dell EMC iDRAC7 and iDRAC8 Contains a path traversal vulnerability.Information may be obtained. Multiple Dell Products are prone to a directory-traversal vulnerability. Remote attackers may use a specially crafted request with directory-traversal sequences ('../') to retrieve sensitive information. This may aid in further attacks. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems. Web server is one of the web servers. URI parser is one of the URI parsers

Trust: 2.07

sources: NVD: CVE-2018-1211 // JVNDB: JVNDB-2018-003352 // BID: 103768 // VULHUB: VHN-122036 // VULMON: CVE-2018-1211

AFFECTED PRODUCTS

vendor:dellmodel:emc idrac7scope:ltversion:2.52.52.52

Trust: 1.8

vendor:dellmodel:emc idrac8scope:ltversion:2.52.52.52

Trust: 1.8

vendor:dellmodel:idrac8scope:eqversion:2.40.40.40

Trust: 0.3

vendor:dellmodel:idrac8scope:eqversion:2.30.30.30

Trust: 0.3

vendor:dellmodel:idrac8scope:eqversion:2.30

Trust: 0.3

vendor:dellmodel:idrac8scope:eqversion:2.21.21.21

Trust: 0.3

vendor:dellmodel:idrac8scope:eqversion:1.4

Trust: 0.3

vendor:dellmodel:idrac7scope:eqversion:2.40.40.40

Trust: 0.3

vendor:dellmodel:idrac7scope:eqversion:2.30.30.30

Trust: 0.3

vendor:dellmodel:idrac7scope:eqversion:2.30

Trust: 0.3

vendor:dellmodel:idrac7scope:eqversion:2.21.21.21

Trust: 0.3

vendor:dellmodel:idrac7scope:eqversion:1.57.57

Trust: 0.3

vendor:dellmodel:idrac7scope:eqversion:1.56.55

Trust: 0.3

vendor:dellmodel:idrac8scope:neversion:2.52.52.52

Trust: 0.3

vendor:dellmodel:idrac7scope:neversion:2.52.52.52

Trust: 0.3

sources: BID: 103768 // JVNDB: JVNDB-2018-003352 // NVD: CVE-2018-1211

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-1211
value: HIGH

Trust: 1.0

NVD: CVE-2018-1211
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201803-908
value: MEDIUM

Trust: 0.6

VULHUB: VHN-122036
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-1211
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-1211
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-122036
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-1211
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-122036 // VULMON: CVE-2018-1211 // JVNDB: JVNDB-2018-003352 // CNNVD: CNNVD-201803-908 // NVD: CVE-2018-1211

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-122036 // JVNDB: JVNDB-2018-003352 // NVD: CVE-2018-1211

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-908

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201803-908

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-003352

PATCH
title:Dell EMC iDRAC Response to Common Vulnerabilities and Exposures CVE-2018-1207, CVE-2018-1211, and CVE-2018-1000116 [20 March 2018]url:http://en.community.dell.com/techcenter/extras/m/white_papers/20485410
Trust: 0.8
title:Dell EMC iDRAC7  and iDRAC8 Web server URI Fixes for resolver path traversal vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79405
Trust: 0.6
title: - url:https://github.com/chnzzh/iDRAC-CVE-lib 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-1211 // 
            
            
            
            JVNDB: JVNDB-2018-003352 // 
            
            
            
            CNNVD: CNNVD-201803-908

EXTERNAL IDS
db:NVDid:CVE-2018-1211
Trust: 2.9
db:JVNDBid:JVNDB-2018-003352
Trust: 0.8
db:CNNVDid:CNNVD-201803-908
Trust: 0.7
db:BIDid:103768
Trust: 0.4
db:VULHUBid:VHN-122036
Trust: 0.1
db:VULMONid:CVE-2018-1211
Trust: 0.1
sources:
            
            
            VULHUB: VHN-122036 // 
            
            
            
            VULMON: CVE-2018-1211 // 
            
            
            
            BID: 103768 // 
            
            
            
            JVNDB: JVNDB-2018-003352 // 
            
            
            
            CNNVD: CNNVD-201803-908 // 
            
            
            
            NVD: CVE-2018-1211

REFERENCES
url:http://en.community.dell.com/techcenter/extras/m/white_papers/20485410
Trust: 2.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1211
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-1211
Trust: 0.8
url:http://dell.com
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/22.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/chnzzh/idrac-cve-lib
Trust: 0.1
sources:
            
            
            VULHUB: VHN-122036 // 
            
            
            
            VULMON: CVE-2018-1211 // 
            
            
            
            BID: 103768 // 
            
            
            
            JVNDB: JVNDB-2018-003352 // 
            
            
            
            CNNVD: CNNVD-201803-908 // 
            
            
            
            NVD: CVE-2018-1211

CREDITS
Immunity Team (Immunity Inc.)
Trust: 0.3
sources:
            
            
            BID: 103768

SOURCES
db:VULHUBid:VHN-122036
db:VULMONid:CVE-2018-1211
db:BIDid:103768
db:JVNDBid:JVNDB-2018-003352
db:CNNVDid:CNNVD-201803-908
db:NVDid:CVE-2018-1211

LAST UPDATE DATE
2024-11-23T22:59:05.283000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-122036date:2018-04-19T00:00:00
db:VULMONid:CVE-2018-1211date:2018-04-19T00:00:00
db:BIDid:103768date:2018-03-20T00:00:00
db:JVNDBid:JVNDB-2018-003352date:2018-05-22T00:00:00
db:CNNVDid:CNNVD-201803-908date:2018-03-26T00:00:00
db:NVDid:CVE-2018-1211date:2024-11-21T03:59:23.897

SOURCES RELEASE DATE
db:VULHUBid:VHN-122036date:2018-03-23T00:00:00
db:VULMONid:CVE-2018-1211date:2018-03-23T00:00:00
db:BIDid:103768date:2018-03-20T00:00:00
db:JVNDBid:JVNDB-2018-003352date:2018-05-22T00:00:00
db:CNNVDid:CNNVD-201803-908date:2018-03-26T00:00:00
db:NVDid:CVE-2018-1211date:2018-03-23T14:29:00.353