Multiple vulnerabilities in Dell EMC iDRAC7/iDRAC8
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2018-1207 CVE-2018-1211 CVE-2018-1000116 |
| CWE-ID | CWE-77 CWE-22 CWE-229 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software |
iDRAC7 Web applications / Remote management & hosting panels iDRAC8 Web applications / Remote management & hosting panels iDRAC9 Web applications / Remote management & hosting panels |
| Vendor | Dell |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Command injection
EUVDB-ID: #VU12132
Risk: High
CVSSv4.0: 8.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2018-1207
CWE-ID:
CWE-77 - Command injection
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to CGI injection. A remote attacker can use CGI variables and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
Update to version 2.52.52.52.
Vulnerable software versionsiDRAC7: 2.10.10.10 - 2.50.50.50
iDRAC8: 2.00.00.00 - 2.50.50.50
CPE2.3- cpe:2.3:a:dell:idrac7:2.10.10.10:*:*:*:*:*:*:*
- cpe:2.3:a:dell:idrac7:2.13.13.12:*:*:*:*:*:*:*
- cpe:2.3:a:dell:idrac7:2.15.10.10:*:*:*:*:*:*:*
- cpe:2.3:a:dell:idrac8:2.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:idrac8:2.02.01.01:*:*:*:*:*:*:*
- cpe:2.3:a:dell:idrac8:2.04.02.01:*:*:*:*:*:*:*
https://en.community.dell.com/techcenter/extras/m/white_papers/20485410
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Path traversal
EUVDB-ID: #VU12133
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-1211
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information on the target system.
The weakness exists in the Web server's URI parser due to path traversal. A remote attacker can read configuration settings from the iDRAC by querying specific URI strings.
Update to version 2.52.52.52.
Vulnerable software versionsiDRAC7: 2.10.10.10 - 2.50.50.50
iDRAC8: 2.00.00.00 - 2.50.50.50
CPE2.3- cpe:2.3:a:dell:idrac7:2.10.10.10:*:*:*:*:*:*:*
- cpe:2.3:a:dell:idrac7:2.13.13.12:*:*:*:*:*:*:*
- cpe:2.3:a:dell:idrac7:2.15.10.10:*:*:*:*:*:*:*
- cpe:2.3:a:dell:idrac8:2.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:idrac8:2.02.01.01:*:*:*:*:*:*:*
- cpe:2.3:a:dell:idrac8:2.04.02.01:*:*:*:*:*:*:*
https://en.community.dell.com/techcenter/extras/m/white_papers/20485410
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Remote code execution
EUVDB-ID: #VU11081
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2018-1000116
CWE-ID:
CWE-229 - Improper Handling of Values
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to execute arbitrary code on the target system.
The weakness exists due to insufficient handling of UDP packets. A remote attacker can submit a specially crafted UDP packet and execute arbitrary code.
Successful exploitation of the vulnerability may result in system compromise.
Install update from vendor's website.
Vulnerable software versionsiDRAC9: 3.00.00.00 - 3.20.21.20
iDRAC8: 2.00.00.00 - 2.50.50.50
iDRAC7: 2.10.10.10 - 2.50.50.50
CPE2.3- cpe:2.3:a:dell:idrac9:3.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:idrac9:3.01.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:idrac9:3.02.00.01:*:*:*:*:*:*:*
- cpe:2.3:a:dell:idrac8:2.00.00.00:*:*:*:*:*:*:*
- cpe:2.3:a:dell:idrac8:2.02.01.01:*:*:*:*:*:*:*
- cpe:2.3:a:dell:idrac8:2.04.02.01:*:*:*:*:*:*:*
- cpe:2.3:a:dell:idrac7:2.10.10.10:*:*:*:*:*:*:*
- cpe:2.3:a:dell:idrac7:2.13.13.12:*:*:*:*:*:*:*
- cpe:2.3:a:dell:idrac7:2.15.10.10:*:*:*:*:*:*:*
https://en.community.dell.com/techcenter/extras/m/white_papers/20485410
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
