CVE-2018-11053— iSM: Dell EMC iDRAC Service Module Improper File Permission Vulnerability

EPSS 0.10% · P26 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2018-11053

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

iSM: Dell EMC iDRAC Service Module Improper File Permission Vulnerability

Source: NVD (National Vulnerability Database)

Vulnerability Description

Dell EMC iDRAC Service Module for all supported Linux and XenServer versions v3.0.1, v3.0.2, v3.1.0, v3.2.0, when started, changes the default file permission of the hosts file of the host operating system (/etc/hosts) to world writable. A malicious low privileged operating system user or process could modify the host file and potentially redirect traffic from the intended destination to sites hosting malicious or unwanted content.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Dell EMC iDRAC Service Module Linux和XenServer 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Dell EMC iDRAC Service Module（iSM）是美国戴尔（Dell）公司的一套运行在服务器上的轻量级软件。该软件能够将集成Dell EMC远程访问控制器（iDRAC）扩展到主机操作系统。基于Linux和XenServer平台的Dell EMC iSM中存在安全漏洞，该漏洞源于在启动时程序将主机操作系统(/etc/hosts)的主机文件的默认文件权限更改成全局可写入。攻击者可利用该漏洞修改主机文件并可能将流量重定向到托管有恶意内容的网站。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Dell EMC	iDRAC Service Module	3.0.1	-

II. Public POCs for CVE-2018-11053

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2018-11053

请登录查看更多情报信息。

http://www.dell.com/support/article/us/en/19/sln310281/ism-dell-emc-idrac-service-module-improper-file-permission-vulnerability?lang=enx_refsource_MISC
http://www.securityfocus.com/bid/104567vdb-entryx_refsource_BID
https://nvd.nist.gov/vuln/detail/CVE-2018-11053

IV. Related Vulnerabilities

Same product: iDRAC Service Module

CVE-2026-23856
Dell iDRAC Service Module 访问控制错误漏洞

Same vendor: Dell EMC

V. Comments for CVE-2018-11053

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2018-11053— iSM: Dell EMC iDRAC Service Module Improper File Permission Vulnerability

I. Basic Information for CVE-2018-11053

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2018-11053

III. Intelligence Information for CVE-2018-11053

IV. Related Vulnerabilities

V. Comments for CVE-2018-11053

Leave a comment