Dell EMC iDRAC6, versions before 2.91, iDRAC7/iDRAC8, versions before 2.60.60.60 and iDRAC9, versions before 3.21.21.21, contain a weak CGI session ID vulnerability. The sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote malicious users to perform bruteforce session guessing attacks.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dell idrac6 firmware |
||
dell idrac9 firmware |
||
dell idrac8 firmware |
||
dell idrac7 firmware |