CVE-2018-1212: Authenticated remote code execution in iDRAC 6
First published: Mon Jul 02 2018(Updated: )
The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute arbitrary commands as root on the affected iDRAC system.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dell iDRAC6 | ||
| Dell iDRAC6 modular | <2.91 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2018-1212?
CVE-2018-1212 is classified as a high-severity command injection vulnerability.
How do I fix CVE-2018-1212?
To mitigate CVE-2018-1212, upgrade to Dell EMC iDRAC6 version 2.91 or later for monolithic versions or ensure modular versions are updated.
Who is affected by CVE-2018-1212?
CVE-2018-1212 affects remote authenticated users of Dell iDRAC6 modular and monolithic systems prior to version 2.91.
What type of vulnerability is CVE-2018-1212?
CVE-2018-1212 is a command injection vulnerability within the web-based diagnostics console of Dell EMC iDRAC6.
Can CVE-2018-1212 be exploited remotely?
Yes, CVE-2018-1212 can be potentially exploited by a remote authenticated malicious user with access to the diagnostics console.
- agent/type
- agent/references
- agent/severity
- agent/weakness
- agent/title
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/dell
- canonical/dell idrac6
- canonical/dell idrac6 modular