Vulnerability Description
The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dell | iDRAC6 Modular | <= 3.60 |
| Dell | iDRAC7 | <= 1.56.55 |
| Intel | IPMI | 1.5 |
| Dell | iDRAC6 Monolithic | <= 1.97 |
References
- http://www.exploit-db.com/exploits/35770 (Exploit)
- http://www.kb.cert.org/vuls/id/843044 (Third Party Advisory, US Government Resource)
- http://www.kb.cert.org/vuls/id/BLUU-9RDQHM (Third Party Advisory, US Government Resource)
FAQ
What is CVE-2014-8272?
CVE-2014-8272 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote att...
How severe is CVE-2014-8272?
CVE-2014-8272 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-8272?
Check the references section above for vendor advisories and patch information. Affected products include: Dell iDRAC6 Modular, Dell iDRAC7, Intel IPMI, Dell iDRAC6 Monolithic.