iDRAC7/iDRAC8/iDrac9 contains a command injection vulnerability in the SNMP agent.
CVE-2018-1244

8.8HIGH

Key Information:

Vendor: Dell
Status: Idrac7; Idrac8; Idrac9
Vendor: CVE Published:; 2 July 2018

Summary

Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. A remote authenticated malicious iDRAC user with configuration privileges could potentially exploit this vulnerability to execute arbitrary commands on the iDRAC where SNMP alerting is enabled.

Affected Version(s)

iDRAC7 < 2.60.60.60

iDRAC8 < 2.60.60.60

iDRAC9 < 3.21.21.21

References

http://www.securityfocus.com/bid/104964

vdb-entryx_refsource_BID

http://en.community.dell.com/techcenter/extras/m/white_pa...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 2, 2018
Vulnerability Reserved
Dec 6, 2017