CVE-2014-8272

2014-12-1911:59:05

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

7.4

Confidence

Low

EPSS

0.022

Percentile

89.5%

JSON

The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack.

Affected configurations

Nvd

Node

dellidrac6_modularRange≤3.60

Node

dellidrac7Range≤1.56.55

Node

intelipmiMatch1.5

Node

dellidrac6_monolithicRange≤1.97

VendorProductVersionCPE
dellidrac6_modular*cpe:2.3:a:dell:idrac6_modular:*:*:*:*:*:*:*:*
dellidrac7*cpe:2.3:a:dell:idrac7:*:*:*:*:*:*:*:*
intelipmi1.5cpe:2.3:a:intel:ipmi:1.5:*:*:*:*:*:*:*
dellidrac6_monolithic*cpe:2.3:a:dell:idrac6_monolithic:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
dell	idrac6_modular	*	cpe:2.3:a:dell:idrac6_modular::::::::
dell	idrac7	*	cpe:2.3:a:dell:idrac7::::::::
intel	ipmi	1.5	cpe:2.3:a:intel:ipmi:1.5:::::::*
dell	idrac6_monolithic	*	cpe:2.3:a:dell:idrac6_monolithic::::::::