CVE-2014-8272

Currently unrated

Key Information:

Vendor: Dell
Status: Idrac6 Modular
Vendor: CVE Published:; 19 December 2014

Summary

The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack.

References

http://www.kb.cert.org/vuls/id/BLUU-9RDQHM

x_refsource_CONFIRM

http://www.exploit-db.com/exploits/35770

exploitx_refsource_EXPLOIT-DB

http://www.kb.cert.org/vuls/id/843044

third-party-advisoryx_refsource_CERT-VN

Timeline

Vulnerability published
Dec 19, 2014
Vulnerability Reserved
Oct 12, 2014