What is CVE-2014-8272?

CVE-2014-8272 is a vulnerability in Dell Idrac6_modular. Published 2014-12-19.

Is CVE-2014-8272 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Dell Idrac6_modular

CVE-2014-8272

The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands vi…

EPSS: 0.596 (98.3th percentile) — read the EPSS interpretation.

Affected products

Dell Idrac6_modular
Dell Idrac6_monolithic
Dell Idrac7
Intel Ipmi — versions 1.5
N/a — versions n/a

Public proof-of-concept exploits

ARPSyndicate/cvemon
ZtczGrowtopia/2500-OPEN-SOURCE-RAT
chnzzh/iDRAC-CVE-lib

References

cret@cert.org (x_refsource_CONFIRM, US Government Resource, Third Party Advisory)
35770 (Exploit, exploit, x_refsource_EXPLOIT-DB)
VU#843044 (x_refsource_CERT-VN, US Government Resource, Third Party Advisory, third-party-advisory)

Frequently asked questions

What is CVE-2014-8272?: CVE-2014-8272 is a vulnerability in Dell Idrac6_modular. Published 2014-12-19.
Is CVE-2014-8272 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.