Vulnerability CVE-2014-8272


Published: 2014-12-19

Description:
The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack.

Type:

CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Affected software:
Intel -> IPMI
Dell -> iDRAC6 modular
Dell -> iDRAC6 monolithic
Dell -> iDRAC7

References:
http://www.kb.cert.org/vuls/id/BLUU-9RDQHM
http://www.kb.cert.org/vuls/id/843044
http://www.exploit-db.com/exploits/35770

Copyright 2024, cxsecurity.com
