#VU16672 Privilege escalation in Dell products - CVE-2018-15774

Cybersecurity Help s.r.o.

Published: 2018-12-24 | Updated: 2019-06-10

Vulnerability identifier: #VU16672

Vulnerability risk: Low

CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-15774

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
iDRAC9
Web applications / Remote management & hosting panels
iDRAC8
Web applications / Remote management & hosting panels
iDRAC7
Web applications / Remote management & hosting panels

Vendor: Dell

Description
The vulnerability allows a remote authenticated attacker to gain elevated privileges.

The vulnerability exists due to a permissions check flaw in the Redfish interface. A remote authenticated malicious iDRAC user with operator privileges can gain administrator access/

Mitigation
Install update from vendor's website.

Vulnerable software versions

iDRAC9: 3.00.00.00 - 3.22.22.22

iDRAC8: 2.00.00.00 - 2.55.55.50

iDRAC7: 2.10.10.10 - 2.60.60.60

External links
https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Privilege escalation in Dell EMC iDRAC