admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2018/CVE-2018-12xx/CVE-2018-1244.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

145 lines
4.6 KiB
JSON
Raw Blame History

{
"id": "CVE-2018-1244",
"sourceIdentifier": "security_alert@emc.com",
"published": "2018-07-02T17:29:00.380",
"lastModified": "2019-10-09T23:38:16.587",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Dell EMC iDRAC7/iDRAC8, versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a command injection vulnerability in the SNMP agent. A remote authenticated malicious iDRAC user with configuration privileges could potentially exploit this vulnerability to execute arbitrary commands on the iDRAC where SNMP alerting is enabled."
},
{
"lang": "es",
"value": "Dell EMC iDRAC7/iDRAC8, en versiones anteriores a la 2.60.60.60, y iDRAC9 en versiones anteriores a la 3.21.21.21, contienen una vulnerabilidad de inyecci\u00f3n de comandos en el agente SNMP. Un usuario iDRAC autenticado remoto con privilegios de configuraci\u00f3n podr\u00eda explotar esta vulnerabilidad para ejecutar comandos arbitrarios en el iDRAC donde las alertas SNMP est\u00e1n habilitadas."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:idrac7_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.60.60.60",
"matchCriteriaId": "1ED37BFF-3509-4044-B386-9D6212B63CFA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:idrac8_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.60.60.60",
"matchCriteriaId": "B8F1BC7F-CCAC-45CD-832F-5B4CDC7A5D15"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:idrac9_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.21.21.21",
"matchCriteriaId": "38E4C31B-2354-4DC9-BE44-D11E93492384"
}
]
}
]
}
],
"references": [
{
"url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494",
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://www.securityfocus.com/bid/104964",
"source": "security_alert@emc.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink