Dell EMC iDRAC6 up to 2.90 Web-based Diagnostics Console command injection

Summaryinfo

A vulnerability has been found in Dell EMC iDRAC6 up to 2.90 and classified as critical. The affected element is an unknown function of the component Web-based Diagnostics Console. The manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2018-1212. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

Detailsinfo

A vulnerability was found in Dell EMC iDRAC6 up to 2.90 and classified as critical. This issue affects an unknown part of the component Web-based Diagnostics Console. The manipulation with an unknown input leads to a command injection vulnerability. Using CWE to declare the problem leads to CWE-77. The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. Impacted is confidentiality, integrity, and availability. The summary by CVE is:

The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute arbitrary commands as root on the affected iDRAC system.

The bug was discovered 06/26/2018. The weakness was disclosed 07/02/2018 (Website). The advisory is shared at en.community.dell.com. The identification of this vulnerability is CVE-2018-1212 since 12/06/2017. The attack may be initiated remotely. A simple authentication is necessary for exploitation. Neither technical details nor an exploit are publicly available. MITRE ATT&CK project uses the attack technique T1202 for this issue.

The vulnerability scanner Nessus provides a plugin with the ID 111604 (Dell iDRAC Products Multiple Vulnerabilities (June 2018)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family CGI abuses and running in the context r. The commercial vulnerability scanner Qualys is able to test this issue with plugin 13191 (Dell iDRAC Multiple Security Vulnerabilities(June 2018)).

Upgrading to version 2.91 eliminates this vulnerability. A possible mitigation has been published even before and not after the disclosure of the vulnerability.

The vulnerability is also documented in the vulnerability database at Tenable (111604). The entries VDB-120139, VDB-120140 and VDB-120141 are pretty similar. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Vendor

• Dell EMC

Name

• iDRAC6

Version

• 2.0
• 2.1
• 2.2
• 2.3
• 2.4
• 2.5
• 2.6
• 2.7
• 2.8
• 2.9
• 2.10
• 2.11
• 2.12
• 2.13
• 2.14
• 2.15
• 2.16
• 2.17
• 2.18
• 2.19
• 2.20
• 2.21
• 2.22
• 2.23
• 2.24
• 2.25
• 2.26
• 2.27
• 2.28
• 2.29
• 2.30
• 2.31
• 2.32
• 2.33
• 2.34
• 2.35
• 2.36
• 2.37
• 2.38
• 2.39
• 2.40
• 2.41
• 2.42
• 2.43
• 2.44
• 2.45
• 2.46
• 2.47
• 2.48
• 2.49
• 2.50
• 2.51
• 2.52
• 2.53
• 2.54
• 2.55
• 2.56
• 2.57
• 2.58
• 2.59
• 2.60
• 2.61
• 2.62
• 2.63
• 2.64
• 2.65
• 2.66
• 2.67
• 2.68
• 2.69
• 2.70
• 2.71
• 2.72
• 2.73
• 2.74
• 2.75
• 2.76
• 2.77
• 2.78
• 2.79
• 2.80
• 2.81
• 2.82
• 2.83
• 2.84
• 2.85
• 2.86
• 2.87
• 2.88
• 2.89
• 2.90

License

• commercial

Website

• Vendor: https://www.dellemc.com/

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Discussion