CVE-2018-1243

Name of the Vulnerable Software and Affected Versions Dell EMC iDRAC6 versions prior to 2.91 Dell EMC iDRAC7/iDRAC8 versions prior to 2.60.60.60 Dell EMC iDRAC9 versions prior to 3.21.21.21

Description The issue concerns a weak CGI session ID. Sessions invoked via CGI binaries use 96-bit numeric-only session ID values. This weakness makes it easier for remote attackers to perform brute-force session guessing attacks.

Recommendations For Dell EMC iDRAC6 versions prior to 2.91, update to version 2.91 or later. For Dell EMC iDRAC7/iDRAC8 versions prior to 2.60.60.60, update to version 2.60.60.60 or later. For Dell EMC iDRAC9 versions prior to 3.21.21.21, update to version 3.21.21.21 or later.