ID CVE-2014-8272
Summary The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack. CWE-330: Use of Insufficiently Random Values (http://cwe.mitre.org/data/definitions/330.html)
References
Vulnerable Configurations
  • cpe:2.3:a:dell:idrac6_modular:3.60:*:*:*:*:*:*:*
  • cpe:2.3:a:dell:idrac7:1.56.55:*:*:*:*:*:*:*
  • cpe:2.3:a:intel:ipmi:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:dell:idrac6_monolithic:1.97:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 05-02-2015 - 20:13)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: PARTIAL
  Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
refmap via4
cert-vn VU#843044
confirm http://www.kb.cert.org/vuls/id/BLUU-9RDQHM
exploit-db 35770
Last major update 05-02-2015 - 20:13
Published 19-12-2014 - 11:59
Last modified 05-02-2015 - 20:13