Multiple Dell EMC Products CVE-2018-1244 Remote Command Injection Vulnerability

Bugtraq ID:	104964
Class:	Unknown
CVE:	CVE-2018-1244
Remote:	Yes
Local:	No
Published:	Aug 06 2018 12:00AM
Updated:	Aug 06 2018 12:00AM
Credit:	The vendor reported these issues.
Vulnerable:	Dell EMC iDRAC9 3.0 Dell EMC iDRAC8 2.52.52.52 Dell EMC iDRAC7 2.52.52.52
Not Vulnerable:	Dell EMC iDRAC9 3.21.21.21 Dell EMC iDRAC8 2.60.60.60 Dell EMC iDRAC7 2.60.60.60

Multiple Dell EMC Products CVE-2018-1244 Remote Command Injection Vulnerability

Multiple Dell EMC Products are prone to remote command-injection vulnerability.

Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

The following products are affected:

Dell EMC iDRAC7 versions prior to 2.60.60.60
Dell EMC iDRAC8, versions prior to 2.60.60.60
Dell EMC iDRAC9 versions prior to 3.21.21.21

Multiple Dell EMC Products CVE-2018-1244 Remote Command Injection Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Multiple Dell EMC Products CVE-2018-1244 Remote Command Injection Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Multiple Dell EMC Products CVE-2018-1244 Remote Command Injection Vulnerability

References:

• EMC Homepage (EMC)
  
• Dell EMC iDRAC response to multiple CVE's June 2018 (Dell)