{"api_version":"1","generated_at":"2026-05-01T19:25:49+00:00","cve":"CVE-2014-8272","urls":{"html":"https://cve.report/CVE-2014-8272","api":"https://cve.report/api/cve/CVE-2014-8272.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2014-8272","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2014-8272"},"summary":{"title":"CVE-2014-8272","description":"The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack.","state":"PUBLIC","assigner":"cert@cert.org","published_at":"2014-12-19 11:59:00","updated_at":"2015-02-05 20:13:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"http://www.kb.cert.org/vuls/id/BLUU-9RDQHM","name":"http://www.kb.cert.org/vuls/id/BLUU-9RDQHM","refsource":"CONFIRM","tags":["Third Party Advisory","US Government Resource"],"title":"Dell Computer Corporation, Inc. Information for VU#843044","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.kb.cert.org/vuls/id/843044","name":"VU#843044","refsource":"CERT-VN","tags":["Third Party Advisory","US Government Resource"],"title":"Vulnerability Note VU#843044 - Multiple Dell iDRAC IPMI v1.5 implementations use insufficiently random session ID values","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.exploit-db.com/exploits/35770","name":"35770","refsource":"EXPLOIT-DB","tags":["Exploit"],"title":"Dell iDRAC IPMI 1.5 - Insufficient Session ID Randomness","mime":"text/x-python","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2014-8272","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-8272","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2014","cve_id":"8272","vulnerable":"1","versionEndIncluding":"3.60","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"dell","cpe5":"idrac6_modular","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"8272","vulnerable":"1","versionEndIncluding":"1.97","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"dell","cpe5":"idrac6_monolithic","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"8272","vulnerable":"1","versionEndIncluding":"1.56.55","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"dell","cpe5":"idrac7","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"8272","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"intel","cpe5":"ipmi","cpe6":"1.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"8272","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"intel","cpe5":"ipmi","cpe6":"1.5","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cert@cert.org","ID":"CVE-2014-8272","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://www.kb.cert.org/vuls/id/BLUU-9RDQHM","refsource":"CONFIRM","url":"http://www.kb.cert.org/vuls/id/BLUU-9RDQHM"},{"name":"35770","refsource":"EXPLOIT-DB","url":"http://www.exploit-db.com/exploits/35770"},{"name":"VU#843044","refsource":"CERT-VN","url":"http://www.kb.cert.org/vuls/id/843044"}]}},"nvd":{"publishedDate":"2014-12-19 11:59:00","lastModifiedDate":"2015-02-05 20:13:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:dell:idrac6_modular:*:*:*:*:*:*:*:*","versionEndIncluding":"3.60","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:dell:idrac7:*:*:*:*:*:*:*:*","versionEndIncluding":"1.56.55","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:intel:ipmi:1.5:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:dell:idrac6_monolithic:*:*:*:*:*:*:*:*","versionEndIncluding":"1.97","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2014","CveId":"8272","Ordinal":"75294","Title":"CVE-2014-8272","CVE":"CVE-2014-8272","Year":"2014"},"notes":[{"CveYear":"2014","CveId":"8272","Ordinal":"1","NoteData":"The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack.","Type":"Description","Title":null},{"CveYear":"2014","CveId":"8272","Ordinal":"2","NoteData":"2014-12-19","Type":"Other","Title":"Published"},{"CveYear":"2014","CveId":"8272","Ordinal":"3","NoteData":"2015-02-02","Type":"Other","Title":"Modified"}]}}}