Arbitrary Command Execution Risk in Dell iDRAC Products
CVE-2014-8272
Currently unrated
Summary
The IPMI 1.5 functionality in select Dell iDRAC versions fails to securely manage session ID values, which may allow remote attackers to execute arbitrary commands through a brute-force attack. The vulnerability affects multiple iDRAC versions and is a serious concern for systems that rely on this management interface. To mitigate the risk, users are advised to update to the latest firmware versions and implement additional security measures.
EPSS Score
45% chance of being exploited in the next 30 days.
Timeline
Vulnerability published
Vulnerability reserved