CVE-2018-1243

Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to perform bruteforce session guessing attacks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
HIGH
LOW
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
dellCNA
7.5 HIGH
NETWORK
HIGH
LOW
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
VendorProductVersion
dellidrac6_firmware
𝑥
< 2.91
dellidrac7_firmware
𝑥
< 2.60.60.60
dellidrac8_firmware
𝑥
< 2.60.60.60
dellidrac9_firmware
𝑥
< 3.21.21.21
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://en.community.dell.com/techcenter/extras/m/white_papers/20487494
http://en.community.dell.com/techcenter/extras/m/white_papers/20487494