CVE-2014-8272

The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.kb.cert.org/vuls/id/BLUU-9RDQHM	Third Party Advisory US Government Resource
http://www.kb.cert.org/vuls/id/843044	Third Party Advisory US Government Resource
http://www.exploit-db.com/exploits/35770	Exploit

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:dell:idrac6_modular:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:dell:idrac7:*:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:intel:ipmi:1.5:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:dell:idrac6_monolithic:*:*:*:*:*:*:*:*

Information

Published : 2014-12-19 03:59

Updated : 2015-02-05 12:13

NVD link : CVE-2014-8272

Mitre link : CVE-2014-8272

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

dell

idrac7
idrac6_modular
idrac6_monolithic

intel

ipmi

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.kb.cert.org/vuls/id/BLUU-9RDQHM", "name": "http://www.kb.cert.org/vuls/id/BLUU-9RDQHM", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": "CONFIRM"}, {"url": "http://www.kb.cert.org/vuls/id/843044", "name": "VU#843044", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://www.exploit-db.com/exploits/35770", "name": "35770", "tags": ["Exploit"], "refsource": "EXPLOIT-DB"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-8272", "ASSIGNER": "cert@cert.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-12-19T11:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:dell:idrac6_modular:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3.60"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:dell:idrac7:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.56.55"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:intel:ipmi:1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:dell:idrac6_monolithic:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.97"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2015-02-05T20:13Z"}