CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-8272

The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.459

EPSS Ranking 97.4%

CVSS Severity

CVSS v2 Score 5.0

References

http://www.exploit-db.com/exploits/35770
http://www.kb.cert.org/vuls/id/843044
http://www.kb.cert.org/vuls/id/BLUU-9RDQHM
http://www.exploit-db.com/exploits/35770
http://www.kb.cert.org/vuls/id/843044
http://www.kb.cert.org/vuls/id/BLUU-9RDQHM

Products affected by CVE-2014-8272

Dell » Idrac6 Modular » Version: 3.60

cpe:2.3:a:dell:idrac6_modular:3.60
Dell » Idrac6 Monolithic » Version: 1.97

cpe:2.3:a:dell:idrac6_monolithic:1.97
Dell » Idrac7 » Version: 1.56.55

cpe:2.3:a:dell:idrac7:1.56.55
Intel » Ipmi » Version: 1.5

cpe:2.3:a:intel:ipmi:1.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-8272

Products

Pricing

Contact Us