Dell iDRAC Improper Session ID Handling (CVE-2014-8272)

2024-01-1700:00:00

www.tenable.com

dell idrac

improper session id handling

cve-2014-8272

remote

vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

7.6

Confidence

Low

EPSS

0.022

Percentile

89.5%

JSON

The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501900);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/18");

  script_cve_id("CVE-2014-8272");
  script_xref(name:"EDB-ID", value:"35770");

  script_name(english:"Dell iDRAC Improper Session ID Handling (CVE-2014-8272)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6
monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly
select session ID values, which makes it easier for remote attackers
to execute arbitrary commands via a brute-force attack.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"http://www.exploit-db.com/exploits/35770");
  script_set_attribute(attribute:"see_also", value:"http://www.kb.cert.org/vuls/id/843044");
  script_set_attribute(attribute:"see_also", value:"http://www.kb.cert.org/vuls/id/BLUU-9RDQHM");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-8272");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/12/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/12/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/01/17");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:dell:idrac6_modular");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:dell:idrac6_monolithic");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:dell:idrac7");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Dell");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Dell');

var asset = tenable_ot::assets::get(vendor:'Dell');

var vuln_cpes = {
    "cpe:/a:dell:idrac6_modular" :
        {"versionEndIncluding" : "3.60", "family" : "iDRAC6"},
    "cpe:/a:dell:idrac7" :
        {"versionEndIncluding" : "1.56.55", "family" : "iDRAC7"},
    "cpe:/a:dell:idrac6_monolithic" :
        {"versionEndIncluding" : "1.97", "family" : "iDRAC6"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);