Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-8272

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2014-8272
Last Modified 05 Feb 2015 03:13:24
Published 19 Dec 2014 06:59:05
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-8272

Summary

The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack.

Vulnerable Systems

Application

  • Dell Idrac6 Modular 3.60

  • Dell Idrac6 Monolithic 1.97

  • Dell Idrac7 1.56.55

  • Intel Ipmi 1.5


References

CONFIRM - http://www.kb.cert.org/vuls/id/BLUU-9RDQHM

CERT-VN - VU#843044

EXPLOIT-DB - 35770


Last Updated: 27 May 2016 11:07:20