CVE-2014-8272
Dell iDRAC6 modular <3.65, iDRAC6 monolithic <1.98, iDRAC7 <1.57.57...
Title source: llmDescription
The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack.
Exploits (1)
exploitdb
WORKING POC
by Yong Chuan_ Koh · pythonwebappshardware
https://www.exploit-db.com/exploits/35770
References (3)
Core 3
Core References
Third Party Advisory, US Government Resource x_refsource_confirm
http://www.kb.cert.org/vuls/id/BLUU-9RDQHM
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/35770
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/843044
Scores
EPSS
0.5958
EPSS Percentile
98.3%
Details
Status
published
Products (4)
dell/idrac6_modular
< 3.60
dell/idrac6_monolithic
< 1.97
dell/idrac7
< 1.56.55
intel/ipmi
1.5
Published
Dec 19, 2014
Tracked Since
Feb 18, 2026