CVE-2014-8272

Published: Dec 19, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack.

Affected (4)

Products: Dell: Idrac6 Modular, Idrac7, Idrac6 Monolithic · Intel: Ipmi

3 products

Idrac6 Monolithic

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Dell Idrac6 Modular	Up to 3.60

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Dell Idrac7	Up to 1.56.55

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Intel Ipmi	Version 1.5

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Dell Idrac6 Monolithic	Up to 1.97

References (6)

http://www.exploit-db.com/exploits/35770

Source: cret@cert.org

Exploit

http://www.kb.cert.org/vuls/id/843044

Source: cret@cert.org

Third Party AdvisoryUS Government Resource

http://www.kb.cert.org/vuls/id/BLUU-9RDQHM

Source: cret@cert.org

Third Party AdvisoryUS Government Resource

http://www.exploit-db.com/exploits/35770

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.kb.cert.org/vuls/id/843044

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

http://www.kb.cert.org/vuls/id/BLUU-9RDQHM

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.