Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server's URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings from the iDRAC by querying specific URI strings.
References
Link | Resource |
---|---|
http://en.community.dell.com/techcenter/extras/m/white_papers/20485410 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2018-03-23 07:29
Updated : 2018-04-19 07:55
NVD link : CVE-2018-1211
Mitre link : CVE-2018-1211
JSON object : View
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Products Affected
dell
- emc_idrac8
- emc_idrac7