Multiple Dell Products CVE-2018-1211 Directory Traversal Vulnerability
BID:103768
Info
Multiple Dell Products CVE-2018-1211 Directory Traversal Vulnerability
| Bugtraq ID: | 103768 |
| Class: | Input Validation Error |
| CVE: |
CVE-2018-1211 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 20 2018 12:00AM |
| Updated: | Mar 20 2018 12:00AM |
| Credit: | Immunity Team (Immunity Inc.) |
| Vulnerable: |
Dell iDRAC8 2.40.40.40 Dell iDRAC8 2.30.30.30 Dell iDRAC8 2.30 Dell iDRAC8 2.21.21.21 Dell iDRAC8 1.4 Dell Idrac7 2.40.40.40 Dell Idrac7 2.30.30.30 Dell Idrac7 2.30 Dell Idrac7 2.21.21.21 Dell Idrac7 1.57.57 Dell Idrac7 1.56.55 |
| Not Vulnerable: |
Dell iDRAC8 2.52.52.52 Dell Idrac7 2.52.52.52 |
Discussion
Multiple Dell Products CVE-2018-1211 Directory Traversal Vulnerability
Multiple Dell Products are prone to a directory-traversal vulnerability.
Remote attackers may use a specially crafted request with directory-traversal sequences ('../') to retrieve sensitive information. This may aid in further attacks.
Versions prior to Dell EMC iDRAC7/iDRAC8 2.52.52.52 are vulnerable.
Multiple Dell Products are prone to a directory-traversal vulnerability.
Remote attackers may use a specially crafted request with directory-traversal sequences ('../') to retrieve sensitive information. This may aid in further attacks.
Versions prior to Dell EMC iDRAC7/iDRAC8 2.52.52.52 are vulnerable.
Exploit / POC
Multiple Dell Products CVE-2018-1211 Directory Traversal Vulnerability
An attacker can exploit this issue using a web browser.
An attacker can exploit this issue using a web browser.
References
Multiple Dell Products CVE-2018-1211 Directory Traversal Vulnerability
References:
References: