First published: Mon Jul 02 2018
Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to perform brute-force session guessing attacks.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dell iDRAC6 Firmware | <2.91 | Update to 2.91 or later |
| Dell iDRAC7 Firmware | <2.60.60.60 | Update to 2.60.60.60 or later |
| Dell iDRAC8 Firmware | <2.60.60.60 | Update to 2.60.60.60 or later |
| Dell iDRAC9 Firmware | <3.21.21.21 | Update to 3.21.21.21 or later |
CVE-2018-1243 is a vulnerability in Dell EMC iDRAC6, iDRAC7/iDRAC8, and iDRAC9 in which the CGI session ID values are weak enough that remote attackers can guess valid sessions.
Versions prior to 2.91 of Dell EMC iDRAC6 are affected by CVE-2018-1243.
Versions prior to 2.60.60.60 of Dell EMC iDRAC7 and iDRAC8 are affected by CVE-2018-1243.
Versions prior to 3.21.21.21 of Dell EMC iDRAC9 are affected by CVE-2018-1243.
CVE-2018-1243 has a severity rating of 7.5 (high).
To fix CVE-2018-1243, update Dell EMC iDRAC6 to version 2.91 or later, iDRAC7 and iDRAC8 to version 2.60.60.60 or later, and iDRAC9 to version 3.21.21.21 or later.
You can find more information about CVE-2018-1243 at http://en.community.dell.com/techcenter/extras/m/white_papers/20487494.
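The weakness described above is about how much unpredictability a session ID actually carries, which is something an administrator can measure on their own management interface. The following added example (not from the advisory or from Dell) audits a sample of session tokens in two ways: the upper bound implied by the character set (a 29-digit decimal string is about 96 bits), and the entropy actually observed across positions in the sample, which exposes fixed prefixes and slowly incrementing suffixes. The tokens are constructed for illustration and the 64-bit threshold is an assumed minimum.

```python
import math
from collections import Counter

# Constructed sample with the shape the advisory describes: digits only,
# a fixed prefix and a small varying suffix. Synthetic values, not real iDRAC tokens.
SAMPLE_TOKENS = ["100000000000000000000000" + s
                 for s in ("48213", "48217", "48222", "48230", "48235", "48241")]

def alphabet_bits(token):
    """Upper bound on entropy implied by the character set: len * log2(|alphabet|)."""
    if token.isdigit():
        alphabet = 10
    elif all(c in "0123456789abcdefABCDEF" for c in token):
        alphabet = 16
    else:
        alphabet = 62  # assume alphanumeric; wider sets only raise the bound
    return len(token) * math.log2(alphabet)

def positional_entropy_bits(tokens):
    """Sum of per-position Shannon entropy observed in the sample.

    A position that never changes contributes 0 bits. Each position can
    contribute at most log2(len(tokens)), so this is a lower-bound sanity
    check that needs many samples to be meaningful for a strong generator.
    """
    if not tokens or any(len(t) != len(tokens[0]) for t in tokens):
        raise ValueError("need a non-empty sample of equal-length tokens")
    n = len(tokens)
    total = 0.0
    for i in range(len(tokens[0])):
        counts = Counter(t[i] for t in tokens)
        total -= sum(c / n * math.log2(c / n) for c in counts.values())
    return total

def audit(tokens, minimum_bits=64):
    """Flag a session ID scheme whose observed entropy is below minimum_bits."""
    observed = positional_entropy_bits(tokens)
    return {
        "alphabet_bits": alphabet_bits(tokens[0]),
        "observed_bits": observed,
        "weak": observed < minimum_bits,
    }

if __name__ == "__main__":
    print(audit(SAMPLE_TOKENS))
```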