CVE-2018-1243
published 2018-07-02CVE-2018-1243: Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID…
PriorityP341high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
EPSS
1.82%
76.0th percentile
Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to perform bruteforce session guessing attacks.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dell | idrac6_firmware | < 2.91 | 2.91 |
| dell | idrac7_firmware | < 2.60.60.60 | 2.60.60.60 |
| dell | idrac8_firmware | < 2.60.60.60 | 2.60.60.60 |
| dell | idrac9_firmware | < 3.21.21.21 | 3.21.21.21 |
| dell_emc | idrac6 | >= unspecified < 2.91 | 2.91 |
| dell_emc | idrac7 | >= unspecified < 2.60.60.60 | 2.60.60.60 |
| dell_emc | idrac8 | >= unspecified < 2.60.60.60 | 2.60.60.60 |
| linux | linux_kernel | >= 3.8.0 < 6.17.2 | 6.17.2 |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
f2fs: fix to do sanity check on node footer for non inode dnode
osv·2025-10-28
CVE-2025-40025 f2fs: fix to do sanity check on node footer for non inode dnode
f2fs: fix to do sanity check on node footer for non inode dnode
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to do sanity check on node footer for non inode dnode
As syzbot reported below:
------------[ cut here ]------------
kernel BUG at fs/f2fs/file.c:1243!
Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 5354 Comm: syz.0.0 Not tainted 6.17.0-rc1-syzkaller-00211-g90d970cade8e #0 PREEMPT(full)
RIP: 0010:f2fs_truncate_hole+0x69e/0x6c0 fs/f2fs/file.c:1243
Call Trace:
f2fs_punch_hole+0x2db/0x330 fs/f2fs/file.c:1306
f2fs_fallocate+0x546/0x990 fs/f2fs/file.c:2018
vfs_fallocate+0x666/0x7e0 fs/open.c:342
ksys_fallocate fs/open.c:366 [inline]
__do_sys_fallocate fs/open.c:371 [inline]
__se_sys_fallocate fs/open.c:369 [inline]
__x64_sys_fallo
GHSA
GHSA-h4v5-gmcm-p2xx: Dell EMC iDRAC6, versions prior to 2
ghsa_unreviewed·2022-05-13
CVE-2018-1243 [HIGH] CWE-358 GHSA-h4v5-gmcm-p2xx: Dell EMC iDRAC6, versions prior to 2
Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to perform bruteforce session guessing attacks.
No detection rules found.
No public exploits indexed.
2018-07-02
Published