Lucene search

K
cve[email protected]CVE-2014-8272
HistoryDec 19, 2014 - 11:59 a.m.

CVE-2014-8272

2014-12-1911:59:05
web.nvd.nist.gov
52
ipmi
dell
idrac6
idrac7
vulnerability
session id
remote attackers
arbitrary commands
brute-force attack
cve-2014-8272

7.5 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.022 Low

EPSS

Percentile

89.5%

The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack.

Affected configurations

NVD
Node
dellidrac6_modularRange≀3.60
Node
dellidrac7Range≀1.56.55
Node
intelipmiMatch1.5
Node
dellidrac6_monolithicRange≀1.97

7.5 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.022 Low

EPSS

Percentile

89.5%