CVE-2018-1243 Information
Feb 14, 2021
cve
Description
Dell EMC iDRAC6 versions prior to 2.91, iDRAC7/iDRAC8 versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a weak CGI session ID vulnerability. Sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to perform brute-force session guessing attacks.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Reference
http://en.community.dell.com/techcenter/extras/m/white_papers/20487494
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
Base Score
7.5
Base Severity
HIGH