VYPR
Unrated severity · NVD Advisory · Published Mar 23, 2018 · Updated Sep 16, 2024

CVE-2018-1211

Description

Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in their Web server's URI parser which could be used to obtain specific sensitive data without authentication. A remote unauthenticated attacker may be able to read configuration settings from the iDRAC by querying specific URI strings.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A path traversal vulnerability in Dell EMC iDRAC7/iDRAC8 Web server allows unauthenticated remote attackers to read sensitive configuration data.

Vulnerability

Dell EMC iDRAC7 and iDRAC8, versions prior to 2.52.52.52, contain a path traversal vulnerability in the Web server's URI parser. An unauthenticated remote attacker can exploit this by sending specially crafted URI strings to read configuration settings from the iDRAC without authentication.

Exploitation

The attacker does not require any authentication or prior access. By querying specific URI strings that traverse directories, the attacker can access files outside the intended web root. The vulnerability is in the URI parser of the embedded web server.

Impact

Successful exploitation allows an unauthenticated attacker to read sensitive configuration data from the iDRAC. This could include credentials, network settings, and other system information, leading to further compromise of the management interface.

Mitigation

Dell EMC has released firmware version 2.52.52.52 to address this vulnerability. Users should update iDRAC7/iDRAC8 to this version or later. No workarounds are mentioned in the available references.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
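
As an added example (not from Dell EMC or the original advisory), the affected range above can be checked against a firmware inventory. The hostnames, inventory rows and function names are constructed for illustration. Versions are compared numerically, because a plain string comparison would rank 2.9.9.9 above 2.52.52.52.

```python
import re

FIXED = (2, 52, 52, 52)                 # first fixed firmware, per the advisory
AFFECTED_MODELS = {"idrac7", "idrac8"}  # models named in the advisory

def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a dotted numeric version."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        return None
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))  # pad short versions with zeros

def triage(model, firmware):
    """Classify one inventory row against CVE-2018-1211's affected range."""
    if re.sub(r"[\s_-]", "", model).lower() not in AFFECTED_MODELS:
        return "out-of-scope"  # not covered by this advisory; says nothing else
    version = parse_version(firmware)
    if version is None:
        return "unknown"       # unparseable: review by hand, never assume patched
    return "vulnerable" if version < FIXED else "patched"

# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = [
    ("bmc-rack01", "iDRAC8", "2.52.52.52"),
    ("bmc-rack02", "iDRAC8", "2.9.9.9"),     # string compare would call this newer
    ("bmc-rack03", "iDRAC7", "1.66.65"),     # three-part version string
    ("bmc-rack04", "idrac 7", "2.60.60.60"), # model name typed inconsistently
    ("bmc-rack05", "iDRAC8", "n/a"),         # missing data
    ("bmc-rack06", "iDRAC9", "3.00.00.00"),  # not named in this advisory
]

def report(rows):
    """Map each host to its triage status."""
    return {host: triage(model, fw) for host, model, fw in rows}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:12} {status}")
```

Rows reported as `unknown` need a manual firmware check before they are treated as patched.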

Affected products

3
  • Dell/iDRAC7 (llm-fuzzy), 2 versions
    <2.52.52.52 (+ 1 more)
    • (no CPE) range: <2.52.52.52
    • (no CPE) range: versions prior to 2.52.52.52
  • Dell/iDRAC8 (llm-fuzzy)
    Range: <2.52.52.52
