Vulnerability CVE-2014-8272


Published: 2014-12-19

Description:
The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack.

Type:

CWE-Other

Vendor: DELL
Product: Idrac6 modular 
Version: 3.60;
Product: Idrac6 monolithic 
Version: 1.97;
Product: Idrac7 
Version: 1.56.55;
Vendor: Intel
Product: IPMI 
Version: 1.5;

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

 References:
http://www.kb.cert.org/vuls/id/BLUU-9RDQHM
http://www.kb.cert.org/vuls/id/843044
http://www.exploit-db.com/exploits/35770

Related CVE
CVE-2019-11129
Out of bound read/write in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
CVE-2019-11128
Insufficient input validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
CVE-2019-11127
Buffer overflow in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
CVE-2019-11126
Pointer corruption in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
CVE-2019-11125
Insufficient input validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
CVE-2019-11124
Out of bound read/write in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
CVE-2019-11123
Insufficient session validation in system firmware for Intel(R) NUC Kit may allow a privileged user to potentially enable escalation of privilege, denial of service and/or information disclosure via local access.
CVE-2019-11119
Insufficient session validation in the service API for Intel(R) RWC3 version 4.186 and before may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Copyright 2019, cxsecurity.com

 

Back to Top