ID

VAR-201807-1252


CVE

CVE-2018-1243


TITLE

Security check vulnerability in multiple Dell iDRAC products

Trust: 0.8

sources: JVNDB: JVNDB-2018-007907

DESCRIPTION

Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to perform brute-force session guessing attacks. Multiple Dell iDRAC products contain a security check vulnerability. Information may be obtained. Dell EMC iDRAC6 and others are system management solutions from Dell, including hardware and software. These solutions provide functions such as remote management, crash recovery and power control for Dell PowerEdge systems. Attackers can exploit this vulnerability to perform brute-force attacks on user sessions.

Trust: 1.8

sources: NVD: CVE-2018-1243 // JVNDB: JVNDB-2018-007907 // VULHUB: VHN-122388 // VULMON: CVE-2018-1243

AFFECTED PRODUCTS

vendor: dell, model: idrac6, scope: lt, version: 2.91

Trust: 1.8

vendor: dell, model: idrac7, scope: lt, version: 2.60.60.60

Trust: 1.8

vendor: dell, model: idrac8, scope: lt, version: 2.60.60.60

Trust: 1.8

vendor: dell, model: idrac9, scope: lt, version: 3.21.21.21

Trust: 1.8

vendor: dell, model: idrac7, scope: eq, version: 1.10.10

Trust: 0.6

vendor: dell, model: idrac7, scope: eq, version: 1.23.23

Trust: 0.6

vendor: dell, model: idrac7, scope: eq, version: 1.00.00

Trust: 0.6

vendor: dell, model: idrac6, scope: eq, version: 1.7

Trust: 0.6

vendor: dell, model: idrac7, scope: eq, version: 1.40.40

Trust: 0.6

vendor: dell, model: idrac7, scope: eq, version: 1.06.06

Trust: 0.6

vendor: dell, model: idrac7, scope: eq, version: 1.20.20

Trust: 0.6

vendor: dell, model: idrac7, scope: eq, version: 1.37.35

Trust: 0.6

vendor: dell, model: idrac6, scope: eq, version: 1.8

Trust: 0.6

vendor: dell, model: idrac6, scope: eq, version: 1.95

Trust: 0.6

sources: JVNDB: JVNDB-2018-007907 // CNNVD: CNNVD-201807-058 // NVD: CVE-2018-1243

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-1243
value: HIGH

Trust: 1.0

security_alert@emc.com: CVE-2018-1243
value: HIGH

Trust: 1.0

NVD: CVE-2018-1243
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201807-058
value: HIGH

Trust: 0.6

VULHUB: VHN-122388
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-1243
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-1243
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-122388
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-1243
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

security_alert@emc.com: CVE-2018-1243
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.6
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-122388 // VULMON: CVE-2018-1243 // JVNDB: JVNDB-2018-007907 // CNNVD: CNNVD-201807-058 // NVD: CVE-2018-1243 // NVD: CVE-2018-1243

PROBLEMTYPE DATA

problemtype:CWE-358

Trust: 1.9

sources: VULHUB: VHN-122388 // JVNDB: JVNDB-2018-007907 // NVD: CVE-2018-1243

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-058

TYPE

security feature problem

Trust: 0.6

sources: CNNVD: CNNVD-201807-058

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-007907

PATCH

title: iDRAC9 Home, url: https://www.dell.com/support/article/jp/ja/jpdhs1/sln311300/idrac9-home?lang=ja

Trust: 0.8

title: Multiple Dell Product security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=81664

Trust: 0.6

title: -, url: https://github.com/chnzzh/iDRAC-CVE-lib

Trust: 0.1

sources: VULMON: CVE-2018-1243 // JVNDB: JVNDB-2018-007907 // CNNVD: CNNVD-201807-058

EXTERNAL IDS

db: NVD, id: CVE-2018-1243

Trust: 2.6

db: JVNDB, id: JVNDB-2018-007907

Trust: 0.8

db: CNNVD, id: CNNVD-201807-058

Trust: 0.7

db: VULHUB, id: VHN-122388

Trust: 0.1

db: VULMON, id: CVE-2018-1243

Trust: 0.1

sources: VULHUB: VHN-122388 // VULMON: CVE-2018-1243 // JVNDB: JVNDB-2018-007907 // CNNVD: CNNVD-201807-058 // NVD: CVE-2018-1243

REFERENCES

url: http://en.community.dell.com/techcenter/extras/m/white_papers/20487494

Trust: 1.8

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1243

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-1243

Trust: 0.8

url: https://cwe.mitre.org/data/definitions/358.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://github.com/chnzzh/idrac-cve-lib

Trust: 0.1

sources: VULHUB: VHN-122388 // VULMON: CVE-2018-1243 // JVNDB: JVNDB-2018-007907 // CNNVD: CNNVD-201807-058 // NVD: CVE-2018-1243

SOURCES

db: VULHUB, id: VHN-122388
db: VULMON, id: CVE-2018-1243
db: JVNDB, id: JVNDB-2018-007907
db: CNNVD, id: CNNVD-201807-058
db: NVD, id: CVE-2018-1243

LAST UPDATE DATE

2024-11-23T23:05:03.772000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-122388, date: 2019-10-09T00:00:00
db: VULMON, id: CVE-2018-1243, date: 2019-10-09T00:00:00
db: JVNDB, id: JVNDB-2018-007907, date: 2018-10-01T00:00:00
db: CNNVD, id: CNNVD-201807-058, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-1243, date: 2024-11-21T03:59:27.130

SOURCES RELEASE DATE

db: VULHUB, id: VHN-122388, date: 2018-07-02T00:00:00
db: VULMON, id: CVE-2018-1243, date: 2018-07-02T00:00:00
db: JVNDB, id: JVNDB-2018-007907, date: 2018-10-01T00:00:00
db: CNNVD, id: CNNVD-201807-058, date: 2018-07-03T00:00:00
db: NVD, id: CVE-2018-1243, date: 2018-07-02T17:29:00.347