CVE-2014-8272
Dell iDRAC IPMI 1.5 - Insufficient Session ID Randomness
Severity Score: 5.0 (CVSS v2)
Public Exploits: 2 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack.
Credits: N/A
Timeline
- 2014-10-12 CVE Reserved
- 2014-12-19 CVE Published
- 2015-01-13 First Exploit
- 2024-08-06 CVE Updated
- 2024-10-31 EPSS Updated
References (4)
URL | Tag | Source |
---|---|---|
http://www.kb.cert.org/vuls/id/843044 | Third Party Advisory | |
http://www.kb.cert.org/vuls/id/BLUU-9RDQHM | Third Party Advisory | |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/35770 | 2015-01-13 | |
http://www.exploit-db.com/exploits/35770 | 2024-08-06 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Dell | Idrac6 Modular | <= 3.60 | - | Affected |
Dell | Idrac7 | <= 1.56.55 | - | Affected |
Intel | Ipmi | 1.5 | - | Affected |
Dell | Idrac6 Monolithic | <= 1.97 | - | Affected |