CVE-2014-8272

EUVD-2014-8113
The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
Affected Products (NVD)
VendorProductVersion
dellidrac6_modular
𝑥
≤ 3.60
dellidrac7
𝑥
≤ 1.56.55
intelipmi
1.5
dellidrac6_monolithic
𝑥
≤ 1.97
𝑥
= Vulnerable software versions
References
http://www.exploit-db.com/exploits/35770
http://www.kb.cert.org/vuls/id/843044
http://www.kb.cert.org/vuls/id/BLUU-9RDQHM
http://www.exploit-db.com/exploits/35770
http://www.kb.cert.org/vuls/id/843044
http://www.kb.cert.org/vuls/id/BLUU-9RDQHM