Vulnerability Description
Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. A remote authenticated malicious iDRAC user with configuration privileges could potentially exploit this vulnerability to execute arbitrary commands on the iDRAC where SNMP alerting is enabled.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | iDRAC7 Firmware | < 2.60.60.60 |
| Dell | iDRAC8 Firmware | < 2.60.60.60 |
| Dell | iDRAC9 Firmware | < 3.21.21.21 |
Related Weaknesses (CWE)
References
- http://en.community.dell.com/techcenter/extras/m/white_papers/20487494 (Vendor Advisory)
- http://www.securityfocus.com/bid/104964 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2018-1244?
CVE-2018-1244 is a vulnerability with a CVSS score of 8.8 (HIGH). Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. A remote authenticated malicious iDRAC user w...
How severe is CVE-2018-1244?
CVE-2018-1244 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1244?
Check the references section above for vendor advisories and patch information. Affected products include: Dell iDRAC7 Firmware, Dell iDRAC8 Firmware, Dell iDRAC9 Firmware.