Dell EMC iDRAC Service Module CVE-2018-11053 Insecure File Permissions Vulnerability

Bugtraq ID:	104567
Class:	Design Error
CVE:	CVE-2018-11053
Remote:	Yes
Local:	No
Published:	Jun 26 2018 12:00AM
Updated:	Jun 26 2018 12:00AM
Credit:	The vendor reported this issue.
Vulnerable:	Dell EMC iDRAC Service Module 3.2.0 Dell EMC iDRAC Service Module 3.1.0 Dell EMC iDRAC Service Module 3.0.2 Dell EMC iDRAC Service Module 3.0.1
Not Vulnerable:	Dell EMC iDRAC Service Module 3.2.0.1 Dell EMC iDRAC Service Module 3.1.0.1

Dell EMC iDRAC Service Module CVE-2018-11053 Insecure File Permissions Vulnerability

Dell EMC iDRAC Service Module is prone to an insecure file-permissions vulnerability.

Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks.

EMC iDRAC Service Module 3.0.1, 3.0.2, 3.1.0, and 3.2.0 are vulnerable.

Dell EMC iDRAC Service Module CVE-2018-11053 Insecure File Permissions Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Dell EMC iDRAC Service Module CVE-2018-11053 Insecure File Permissions Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Dell EMC iDRAC Service Module CVE-2018-11053 Insecure File Permissions Vulnerability

References:

• Dell Homepage (Dell)
  
• iSM: Dell EMC iDRAC Service Module Improper File Permission Vulnerability (Dell)