Brute-force attack in Dell products - CVE-2018-1243
Published: February 21, 2019
Vulnerability identifier: #VU17809
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-1243
CWE-ID: CWE-77
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Dell
Affected software:
iDRAC7
iDRAC8
iDRAC9
iDRAC6
Detailed vulnerability description
The vulnerability allows a remote attacker to perform a brute-force attack on the target system.
The vulnerability exists because sessions invoked via CGI binaries use 96-bit numeric-only session ID values. A remote attacker can perform brute-force session guessing attacks.
Successful exploitation of this vulnerability may result in unauthorized access to the system.
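The weakness described above is one of session-ID strength. As an added example (not Dell's or the iDRAC firmware's code, and not a description of the iDRAC token format), the following Python estimates the entropy an ID format can carry from its alphabet size and length, shows how many decimal digits a numeric-only ID needs to hold a given number of bits, and generates and compares session IDs the way a defender would want: from a CSPRNG and with a constant-time comparison. The ID lengths and the 128-bit policy threshold are assumptions chosen for the example.

```python
import hmac
import math
import secrets


def id_entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of an ID whose `length` positions are each drawn
    uniformly from `alphabet_size` symbols (the upper bound for that format)."""
    return length * math.log2(alphabet_size)


def digits_for_bits(bits: int) -> int:
    """Decimal digits a numeric-only ID needs to carry `bits` of entropy."""
    return math.ceil(bits / math.log2(10))


def meets_minimum(alphabet_size: int, length: int, minimum_bits: int = 128) -> bool:
    """Policy check: does the format reach the assumed minimum of 128 bits?"""
    return id_entropy_bits(alphabet_size, length) >= minimum_bits


def generate_session_id(n_bytes: int = 16) -> str:
    """Opaque session ID: 16 CSPRNG bytes (128 bits), hex-encoded to 32 chars."""
    return secrets.token_hex(n_bytes)


def session_matches(presented: str, stored: str) -> bool:
    """Constant-time comparison so timing does not leak how many leading
    characters of a guessed ID were correct."""
    return hmac.compare_digest(presented.encode(), stored.encode())


if __name__ == "__main__":
    # Constructed formats for comparison; lengths are not the iDRAC values.
    for name, alphabet, length in [
        ("12 decimal digits", 10, 12),
        ("32 hex characters", 16, 32),
    ]:
        bits = id_entropy_bits(alphabet, length)
        print(f"{name}: {bits:.1f} bits, meets policy: {meets_minimum(alphabet, length)}")
    print("decimal digits needed for 96 bits:", digits_for_bits(96))
    sid = generate_session_id()
    print("fresh session ID:", sid, "matches self:", session_matches(sid, sid))
```

The entropy figure is an upper bound: it holds only if every position is filled from a cryptographically secure generator, which is why `generate_session_id` uses the `secrets` module rather than `random`.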
How to mitigate CVE-2018-1243
Install updates from the vendor's website.