CVE-2014-8272

Dell iDRAC6 modular <3.65, iDRAC6 monolithic <1.98, iDRAC7 <1.57.57...

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-8272. PoCs published by Yong Chuan_ Koh.

AI-analyzed exploit summary: This exploit targets CVE-2014-8272, an authentication bypass vulnerability in IPMI 2.0. It establishes a session with elevated privileges by manipulating session headers and authentication types.

Description

The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack.

Exploits (1)

exploitdb WORKING POC
by Yong Chuan_ Koh · python · webapps · hardware
https://www.exploit-db.com/exploits/35770

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: IPMI 2.0 (Intelligent Platform Management Interface)
No auth needed
Prerequisites: Network access to the target IPMI interface · IPMI 2.0 enabled on the target
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory, US Government Resource x_refsource_confirm
http://www.kb.cert.org/vuls/id/BLUU-9RDQHM
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/35770
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/843044

Scores

EPSS 0.2115
EPSS Percentile 97.3%

Details

Status published
Products (4)
dell/idrac6_modular < 3.60
dell/idrac6_monolithic < 1.97
dell/idrac7 < 1.56.55
intel/ipmi 1.5
Published Dec 19, 2014
Tracked Since Feb 18, 2026