CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
89.5%
The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(501900);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/18");
script_cve_id("CVE-2014-8272");
script_xref(name:"EDB-ID", value:"35770");
script_name(english:"Dell iDRAC Improper Session ID Handling (CVE-2014-8272)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6
monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly
select session ID values, which makes it easier for remote attackers
to execute arbitrary commands via a brute-force attack.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"http://www.exploit-db.com/exploits/35770");
script_set_attribute(attribute:"see_also", value:"http://www.kb.cert.org/vuls/id/843044");
script_set_attribute(attribute:"see_also", value:"http://www.kb.cert.org/vuls/id/BLUU-9RDQHM");
script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-8272");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/12/19");
script_set_attribute(attribute:"patch_publication_date", value:"2014/12/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/01/17");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:dell:idrac6_modular");
script_set_attribute(attribute:"cpe", value:"cpe:/a:dell:idrac6_monolithic");
script_set_attribute(attribute:"cpe", value:"cpe:/a:dell:idrac7");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Dell");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Dell');
var asset = tenable_ot::assets::get(vendor:'Dell');
var vuln_cpes = {
"cpe:/a:dell:idrac6_modular" :
{"versionEndIncluding" : "3.60", "family" : "iDRAC6"},
"cpe:/a:dell:idrac7" :
{"versionEndIncluding" : "1.56.55", "family" : "iDRAC7"},
"cpe:/a:dell:idrac6_monolithic" :
{"versionEndIncluding" : "1.97", "family" : "iDRAC6"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);