Vulnerability Details : CVE-2014-8272
The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack.
Exploit prediction scoring system (EPSS) score for CVE-2014-8272
Probability of exploitation activity in the next 30 days: 2.20%
Percentile, the proportion of vulnerabilities that are scored at or less: ~88%
CVSS scores for CVE-2014-8272
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST |
References for CVE-2014-8272
- http://www.kb.cert.org/vuls/id/BLUU-9RDQHM
  VU#843044 - Multiple Dell iDRAC IPMI v1.5 implementations use insufficiently random session ID values (Third Party Advisory; US Government Resource)
- http://www.exploit-db.com/exploits/35770
  Dell iDRAC IPMI 1.5 - Insufficient Session ID Randomness - Hardware webapps Exploit (Exploit)
- http://www.kb.cert.org/vuls/id/843044
  VU#843044 - Multiple Dell iDRAC IPMI v1.5 implementations use insufficiently random session ID values (Third Party Advisory; US Government Resource)
Products affected by CVE-2014-8272
- cpe:2.3:a:intel:ipmi:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:dell:idrac6_monolithic:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:idrac7:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:idrac6_modular:*:*:*:*:*:*:*:*