#VU17809 Brute-force attack in Dell products - CVE-2018-1243
Published: February 21, 2019
Vulnerability identifier: #VU17809
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-1243
CWE-ID: CWE-77
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
iDRAC7
iDRAC8
iDRAC9
iDRAC6
Software vendor:
Dell
Description
The vulnerability allows a remote attacker to perform a brute-force attack on the target system.
The vulnerability exists because sessions invoked via CGI binaries use 96-bit numeric-only session ID values. A remote attacker can perform brute-force session guessing attacks.
Successful exploitation of this vulnerability may result in unauthorized access to the system.
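The weakness described above is that a session ID's storage size says nothing about its entropy once the character set is restricted. The following is an added Python example, not part of this advisory and not Dell's code, that audits a session ID scheme from sample values by measuring the alphabet it actually draws from, and contrasts it with a CSPRNG-backed generator. It assumes the "96-bit numeric-only" IDs are twelve ASCII decimal digits (an assumption about the format, which the advisory does not spell out); the sample IDs are constructed, and the 64-bit minimum comes from the OWASP Session Management Cheat Sheet.

```python
import math
import secrets
import string

# Constructed sample session IDs (not taken from any real device): twelve
# ASCII decimal digits each, i.e. 96 bits of storage but decimal characters
# only. Assumption: this is the shape of the "96-bit numeric-only" IDs the
# advisory describes; the advisory itself does not give the exact format.
WEAK_SAMPLE_IDS = [
    "038172645902",
    "991027364518",
    "140582736190",
]

# Character classes checked from smallest to largest; each entry is
# (name, allowed characters, size of the alphabet actually used).
CHAR_CLASSES = [
    ("decimal digits", set(string.digits), 10),
    ("hex digits", set(string.digits + "abcdefABCDEF"), 16),
    ("base64url", set(string.ascii_letters + string.digits + "-_"), 64),
]

# OWASP's Session Management Cheat Sheet asks for at least 64 bits of entropy.
MIN_SESSION_ID_ENTROPY_BITS = 64


def classify_alphabet(ids):
    """Return (class name, alphabet size) for the smallest known character
    class that contains every character seen in the sample IDs."""
    seen = set("".join(ids))
    for name, allowed, size in CHAR_CLASSES:
        if seen <= allowed:
            return name, size
    return "other", len(seen)


def effective_entropy_bits(ids):
    """Upper bound on the entropy of an ID scheme, from its length and the
    size of the alphabet it draws from (assumes each character is chosen
    uniformly and independently; a real generator can only do worse)."""
    lengths = {len(i) for i in ids}
    if len(lengths) != 1:
        raise ValueError("sample IDs have differing lengths")
    length = lengths.pop()
    _, size = classify_alphabet(ids)
    return length * math.log2(size)


def storage_bits(ids):
    """Bits used to *store* the ID as ASCII text; this is not its entropy."""
    return 8 * len(ids[0])


def audit_session_ids(ids):
    """Summarise the scheme and flag it if it falls below the minimum."""
    bits = effective_entropy_bits(ids)
    return {
        "alphabet": classify_alphabet(ids)[0],
        "entropy_bits": bits,
        "storage_bits": storage_bits(ids),
        "acceptable": bits >= MIN_SESSION_ID_ENTROPY_BITS,
    }


def generate_session_id(nbytes=16):
    """A replacement generator: nbytes from the OS CSPRNG, base64url-encoded,
    so a 16-byte token carries 128 bits of entropy in 22 characters."""
    return secrets.token_urlsafe(nbytes)


if __name__ == "__main__":
    print("numeric-only sample:", audit_session_ids(WEAK_SAMPLE_IDS))
    strong = [generate_session_id() for _ in range(5)]
    print("CSPRNG replacement: ", audit_session_ids(strong))
```

Under the stated assumption, the twelve-digit scheme has roughly 10^12 possible values (about 2^40) even though it occupies 96 bits, whereas a genuinely random 96-bit ID has 2^96. The audit deliberately estimates from the alphabet in use rather than the field width, so it catches exactly this kind of scheme: one that spends storage bits on a narrow character set.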
Remediation
Install updates from the vendor's website.