CVE-2014-8272
Summary
| CVE | CVE-2014-8272 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-12-19 11:59:00 UTC |
| Updated | 2015-02-05 20:13:00 UTC |
| Description | The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Dell | Idrac6 Modular | All | All | All | All |
| Application | Dell | Idrac6 Monolithic | All | All | All | All |
| Application | Dell | Idrac7 | All | All | All | All |
| Application | Intel | Ipmi | 1.5 | All | All | All |
| Application | Intel | Ipmi | 1.5 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Dell Computer Corporation, Inc. Information for VU#843044 | CONFIRM | www.kb.cert.org | Third Party Advisory, US Government Resource |
| Vulnerability Note VU#843044 - Multiple Dell iDRAC IPMI v1.5 implementations use insufficiently random session ID values | CERT-VN | www.kb.cert.org | Third Party Advisory, US Government Resource |
| Dell iDRAC IPMI 1.5 - Insufficient Session ID Randomness | EXPLOIT-DB | www.exploit-db.com | Exploit |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.