Vulnerability Details : CVE-2014-8272
Potential exploit
The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack.
Products affected by CVE-2014-8272
- cpe:2.3:a:intel:ipmi:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:dell:idrac6_monolithic:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:idrac7:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:idrac6_modular:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-8272
- EPSS score: 40.70% (probability of exploitation activity in the next 30 days)
- Percentile: ~97% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2014-8272
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST | |
References for CVE-2014-8272
- http://www.kb.cert.org/vuls/id/BLUU-9RDQHM
  VU#843044 - Multiple Dell iDRAC IPMI v1.5 implementations use insufficiently random session ID values (Third Party Advisory; US Government Resource)
- http://www.exploit-db.com/exploits/35770
  Dell iDRAC IPMI 1.5 - Insufficient Session ID Randomness - Hardware webapps Exploit (Exploit)
- http://www.kb.cert.org/vuls/id/843044
  VU#843044 - Multiple Dell iDRAC IPMI v1.5 implementations use insufficiently random session ID values (Third Party Advisory; US Government Resource)