3 matches found
Dell iDRAC Improper Session ID Handling (CVE-2014-8272)
The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack. This plugin only works with...
Dell iDRAC Products IPMI Arbitrary Command Injection Vulnerability
The remote host is running a version of iDRAC that ships with a version of IPMI that does not sufficiently randomize session ID values. An unauthenticated, remote attacker can exploit this to inject arbitrary commands into a privileged session. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
CVE-2014-8272
CVE-2014-8272 affects Dell iDRAC6 (modular before 3.65; monolithic before 1.98) and iDRAC7 before 1.57.57, where IPMI 1.5 session ID values are not properly randomized or selected, enabling remote attackers to brute-force session IDs and execute arbitrary commands. The vulnerability is remote (ne...