ID

VAR-201807-0345


CVE

CVE-2018-1212


TITLE

Dell EMC iDRAC6 Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-007906

DESCRIPTION

The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute arbitrary commands as root on the affected iDRAC system. Dell EMC iDRAC6 Monolithic and Modular are hardware and software system management solutions from Dell. They provide functions such as remote management, crash recovery and power control for Dell PowerEdge systems.

Trust: 1.8

sources: NVD: CVE-2018-1212 // JVNDB: JVNDB-2018-007906 // VULHUB: VHN-122047 // VULMON: CVE-2018-1212

AFFECTED PRODUCTS

vendor: dell // model: idrac6 monolithic // scope: lt // version: 2.91

Trust: 1.8

vendor: dell // model: idrac6 modular // scope: - // version: -

Trust: 1.4

vendor: dell // model: idrac6 modular // scope: eq // version: *

Trust: 1.0

vendor: dell // model: idrac6 monolithic // scope: eq // version: 1.97

Trust: 0.6

sources: JVNDB: JVNDB-2018-007906 // CNNVD: CNNVD-201807-060 // NVD: CVE-2018-1212

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-1212
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2018-1212
value: HIGH

Trust: 1.0

NVD: CVE-2018-1212
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201807-060
value: HIGH

Trust: 0.6

VULHUB: VHN-122047
value: HIGH

Trust: 0.1

VULMON: CVE-2018-1212
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-1212
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-122047
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-1212
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-122047 // VULMON: CVE-2018-1212 // JVNDB: JVNDB-2018-007906 // CNNVD: CNNVD-201807-060 // NVD: CVE-2018-1212 // NVD: CVE-2018-1212

PROBLEMTYPE DATA

problemtype: CWE-77

Trust: 1.9

sources: VULHUB: VHN-122047 // JVNDB: JVNDB-2018-007906 // NVD: CVE-2018-1212

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-060

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201807-060

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-007906

PATCH

title: Dell iDRAC6 // url: https://www.dell.com/support/home/jp/ja/jpbsd1/drivers/driversdetails?driverid=3vm7n

Trust: 0.8

title: Dell EMC iDRAC6 Monolithic and Modular Fixes for command injection vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81666

Trust: 0.6

title: - // url: https://github.com/chnzzh/iDRAC-CVE-lib

Trust: 0.1

sources: VULMON: CVE-2018-1212 // JVNDB: JVNDB-2018-007906 // CNNVD: CNNVD-201807-060

EXTERNAL IDS

db: NVD // id: CVE-2018-1212

Trust: 2.6

db: JVNDB // id: JVNDB-2018-007906

Trust: 0.8

db: CNNVD // id: CNNVD-201807-060

Trust: 0.7

db: VULHUB // id: VHN-122047

Trust: 0.1

db: VULMON // id: CVE-2018-1212

Trust: 0.1

sources: VULHUB: VHN-122047 // VULMON: CVE-2018-1212 // JVNDB: JVNDB-2018-007906 // CNNVD: CNNVD-201807-060 // NVD: CVE-2018-1212

REFERENCES

url:http://en.community.dell.com/techcenter/extras/m/white_papers/20487494

Trust: 1.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1212

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-1212

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/77.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/chnzzh/idrac-cve-lib

Trust: 0.1

sources: VULHUB: VHN-122047 // VULMON: CVE-2018-1212 // JVNDB: JVNDB-2018-007906 // CNNVD: CNNVD-201807-060 // NVD: CVE-2018-1212

SOURCES

db: VULHUB // id: VHN-122047
db: VULMON // id: CVE-2018-1212
db: JVNDB // id: JVNDB-2018-007906
db: CNNVD // id: CNNVD-201807-060
db: NVD // id: CVE-2018-1212

LAST UPDATE DATE

2024-11-23T23:05:05.053000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-122047 // date: 2019-10-09T00:00:00
db: VULMON // id: CVE-2018-1212 // date: 2019-10-09T00:00:00
db: JVNDB // id: JVNDB-2018-007906 // date: 2018-10-01T00:00:00
db: CNNVD // id: CNNVD-201807-060 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2018-1212 // date: 2024-11-21T03:59:24.007

SOURCES RELEASE DATE

db: VULHUB // id: VHN-122047 // date: 2018-07-02T00:00:00
db: VULMON // id: CVE-2018-1212 // date: 2018-07-02T00:00:00
db: JVNDB // id: JVNDB-2018-007906 // date: 2018-10-01T00:00:00
db: CNNVD // id: CNNVD-201807-060 // date: 2018-07-03T00:00:00
db: NVD // id: CVE-2018-1212 // date: 2018-07-02T17:29:00.257