Dell EMC iDRAC6 vulnerabilities
2 known vulnerabilities affecting dell_emc/idrac6.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
HIGH: 2
Vulnerabilities
CVE-2018-1212 | P3 | HIGH | CVSS 8.8 | ≥ unspecified, < 2.91 | ≥ unspecified, ≤ 3.85 | 2018-07-02
CVE-2018-1212 [HIGH] CWE-77
The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute arbitrary commands as root on the affected iDRAC system.
Source: NVD
CVE-2018-1243 | P3 | HIGH | CVSS 7.5 | ≥ unspecified, < 2.91 | 2018-07-02
CVE-2018-1243 [HIGH] CWE-358
Dell EMC iDRAC6, versions prior to 2.91, iDRAC7/iDRAC8, versions prior to 2.60.60.60 and iDRAC9, versions prior to 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to perform brute-force session guessing attacks.
Source: NVD