Vulnerability Details CVE-2018-1244
Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. A remote authenticated malicious iDRAC user with configuration privileges could potentially exploit this vulnerability to execute arbitrary commands on the iDRAC where SNMP alerting is enabled.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.019
EPSS Ranking 82.3%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
Products affected by CVE-2018-1244
-
cpe:2.3:o:dell:idrac7_firmware:1.00.00
-
cpe:2.3:o:dell:idrac7_firmware:1.06.06
-
cpe:2.3:o:dell:idrac7_firmware:1.10.10
-
cpe:2.3:o:dell:idrac7_firmware:1.20.20
-
cpe:2.3:o:dell:idrac7_firmware:1.23.23
-
cpe:2.3:o:dell:idrac7_firmware:1.37.35
-
cpe:2.3:o:dell:idrac7_firmware:1.40.40
-
cpe:2.3:o:dell:idrac7_firmware:2.30.30.30
-
cpe:2.3:o:dell:idrac8_firmware:2.00.00.00
-
cpe:2.3:o:dell:idrac8_firmware:2.30.30.30
-
cpe:2.3:o:dell:idrac8_firmware:2.52.52.52
-
cpe:2.3:o:dell:idrac9_firmware:3.00.00.00
-
cpe:2.3:o:dell:idrac9_firmware:3.11.11.11
-
cpe:2.3:o:dell:idrac9_firmware:3.15.15.15
-
cpe:2.3:o:dell:idrac9_firmware:3.15.17.15
-
cpe:2.3:o:dell:idrac9_firmware:3.15.19.15
-
cpe:2.3:o:dell:idrac9_firmware:3.16.16.16
-
cpe:2.3:o:dell:idrac9_firmware:3.17.17.17
-
cpe:2.3:o:dell:idrac9_firmware:3.17.18.17
-
cpe:2.3:o:dell:idrac9_firmware:3.17.20.17
-
cpe:2.3:o:dell:idrac9_firmware:3.18.18.18
-
cpe:2.3:o:dell:idrac9_firmware:3.19.19.19
-
cpe:2.3:o:dell:idrac9_firmware:3.20.20.20
-
cpe:2.3:o:dell:idrac9_firmware:3.20.21.20