First published: Tue Jun 26 2018
Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. A remote authenticated malicious iDRAC user with configuration privileges could potentially exploit this vulnerability to execute arbitrary commands on the iDRAC where SNMP alerting is enabled.
Credit: security_alert@emc.com
Affected Software | Affected Version | How to fix |
---|---|---|
Dell iDRAC7 Firmware | <2.60.60.60 | |
Dell iDRAC8 Firmware | <2.60.60.60 | |
Dell iDRAC9 Firmware | <3.21.21.21 | |
CVE-2018-1244 is a vulnerability in Dell EMC iDRAC7/iDRAC8 and iDRAC9 that allows remote authenticated users to execute arbitrary commands.
CVE-2018-1244 has a severity score of 8.8, which is considered high.
CVE-2018-1244 allows remote authenticated users with configuration privileges to exploit a command injection vulnerability in the SNMP agent, potentially leading to the execution of arbitrary commands.
Versions of Dell EMC iDRAC7/iDRAC8 prior to 2.60.60.60 are affected by CVE-2018-1244.
Versions of Dell EMC iDRAC9 prior to 3.21.21.21 are affected by CVE-2018-1244.