Dell EMC iDRAC6 versions prior to 2.91, iDRAC7/iDRAC8 versions prior to 2.60.60.60, and iDRAC9 versions prior to 3.21.21.21 contain a weak CGI session ID vulnerability. Sessions invoked via CGI binaries use 96-bit numeric-only session ID values, which makes it easier for remote attackers to perform brute-force session-guessing attacks.
The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Idrac6_firmware | Dell | * | 2.91 (excluding) |
Idrac7_firmware | Dell | * | 2.60.60.60 (excluding) |
Idrac8_firmware | Dell | * | 2.60.60.60 (excluding) |
Idrac9_firmware | Dell | * | 3.21.21.21 (excluding) |