Risk | Low |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2018-15774, CVE-2018-15776 |
CWE-ID | CWE-264, CWE-388 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | iDRAC9 (Web applications / Remote management & hosting panels), iDRAC8 (Web applications / Remote management & hosting panels), iDRAC7 (Web applications / Remote management & hosting panels) |
Vendor | Dell |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU16672
Risk: Low
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-15774
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description
The vulnerability allows a remote authenticated attacker to gain elevated privileges.
The vulnerability exists due to a permissions check flaw in the Redfish interface. A remote authenticated malicious iDRAC user with operator privileges can gain administrator access.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
iDRAC9: 3.00.00.00 - 3.22.22.22
iDRAC8: 2.00.00.00 - 2.55.55.50
iDRAC7: 2.10.10.10 - 2.60.60.60
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU16673
Risk: Low
CVSSv4.0: 4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-15776
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows a physical attacker to gain elevated privileges.
The vulnerability exists due to improper error handling. A physical attacker with operator privileges can gain elevated privileges and get access to the u-boot shell.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
iDRAC8: 2.00.00.00 - 2.55.55.50
iDRAC7: 2.10.10.10 - 2.60.60.60
Q & A
Can this vulnerability be exploited remotely?
No. The attacker must have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.