{"containers": {"cna": {"affected": [{"product": "iDRAC7/iDRAC8", "vendor": "Dell EMC", "versions": [{"status": "affected", "version": "versions prior to 2.52.52.52"}]}], "datePublic": "2018-03-20T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server's URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings from the iDRAC by querying specific URI strings."}], "problemTypes": [{"descriptions": [{"description": "path traversal vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-03-23T13:57:01.000Z", "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "shortName": "dell"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20485410"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security_alert@emc.com", "DATE_PUBLIC": "2018-03-20T00:00:00", "ID": "CVE-2018-1211", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "iDRAC7/iDRAC8", "version": {"version_data": [{"version_value": "versions prior to 2.52.52.52"}]}}]}, "vendor_name": "Dell EMC"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server's URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings from the iDRAC by querying specific URI strings."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "path traversal vulnerability"}]}]}, "references": {"reference_data": [{"name": "http://en.community.dell.com/techcenter/extras/m/white_papers/20485410", "refsource": "MISC", "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20485410"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:51:48.979Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20485410"}]}]}, "cveMetadata": {"assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe", "assignerShortName": "dell", "cveId": "CVE-2018-1211", "datePublished": "2018-03-23T14:00:00.000Z", "dateReserved": "2017-12-06T00:00:00.000Z", "dateUpdated": "2024-09-16T20:22:05.961Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dell:emc_idrac7:*:*:*:*:*:*:*:*", "matchCriteriaId": "E41F5175-E4C0-40BC-A7AD-F0681CED1B35", "versionEndExcluding": "2.52.52.52", "vulnerable": true}, {"criteria": "cpe:2.3:a:dell:emc_idrac8:*:*:*:*:*:*:*:*", "matchCriteriaId": "6DB163F4-B9BB-4360-ADE0-402FB95C52CB", "versionEndExcluding": "2.52.52.52", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in its Web server's URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings from the iDRAC by querying specific URI strings."}, {"lang": "es", "value": "Dell EMC iDRAC7/iDRAC8, en versiones anteriores a la 2.52.52.52, contiene una vulnerabilidad de salto de directorio en su analizador URI del servidor web que podr\u00eda utilizarse para obtener informaci\u00f3n sensible espec\u00edfica sin autenticaci\u00f3n. Un atacante remoto no autenticado podr\u00eda leer los ajustes de configuraci\u00f3n del iDRAC consultando cadenas URI espec\u00edficas."}], "id": "CVE-2018-1211", "lastModified": "2024-11-21T03:59:23.897", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-03-23T14:29:00.353", "references": [{"source": "security_alert@emc.com", "tags": ["Vendor Advisory"], "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20485410"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20485410"}], "sourceIdentifier": "security_alert@emc.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}