CVE-2018-1243 vulnerability in Dell Products
Published on July 2, 2018

iDRAC6/iDRAC7/iDRAC8 - Weak CGI session ID vulnerability
Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to perform bruteforce session guessing attacks.

NVD

Products Associated with CVE-2018-1243

Want to know whenever a new CVE is published for Dell products? stack.watch will email you.

Dell Idrac6 Firmware

Dell Idrac7 Firmware

Dell Idrac8 Firmware

Dell Idrac9 Firmware

Affected Versions

Dell EMC iDRAC6:

Version unspecified and below 2.91 is affected.

Dell EMC iDRAC7:

Version unspecified and below 2.60.60.60 is affected.

Dell EMC iDRAC8:

Version unspecified and below 2.60.60.60 is affected.

Exploit Probability

EPSS

0.35%

Percentile

57.32%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2018-1243 vulnerability in Dell ProductsPublished on July 2, 2018

Products Associated with CVE-2018-1243

Affected Versions

Exploit Probability

CVE-2018-1243 vulnerability in Dell Products
Published on July 2, 2018