Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server's URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings from the iDRAC by querying specific URI strings.
References
Link | Resource |
---|---|
http://en.community.dell.com/techcenter/extras/m/white_papers/20485410 | Vendor Advisory |
http://en.community.dell.com/techcenter/extras/m/white_papers/20485410 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 03:59
Type | Values Removed | Values Added |
---|---|---|
References | () http://en.community.dell.com/techcenter/extras/m/white_papers/20485410 - Vendor Advisory |
Information
Published : 2018-03-23 14:29
Updated : 2024-11-21 03:59
NVD link : CVE-2018-1211
Mitre link : CVE-2018-1211
CVE.ORG link : CVE-2018-1211
JSON object : View
Products Affected
dell
- emc_idrac7
- emc_idrac8
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')