Attacker Value
Low
(1 user assessed)
Exploitability
Very Low
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
2

CVE-2018-1211

Disclosure Date: March 23, 2018
CVE-2018-1211
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server’s URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings from the iDRAC by querying specific URI strings.

Add Assessment

1
Ratings
  • Attacker Value
    Low
  • Exploitability
    Very Low
Common in enterpriseUnauthenticatedVulnerable in default configuration
Technical Analysis

It should be easy to exploit but there is no known public exploit.

Log in to Add Reply
CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
iDRAC7/iDRAC8 versions prior to 2.52.52.52
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • dell

Products

  • emc idrac7,
  • emc idrac8

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis