Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for idrac6_modular by dell

    CVE-2018-1212 (GCVE-0-2018-1212)

    Vulnerability from nvd – Published: 2018-07-02 17:00 – Updated: 2024-09-17 01:37
    VLAI
    Title
    Authenticated remote code execution in iDRAC 6
    Summary
    The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute arbitrary commands as root on the affected iDRAC system.
    CWE
    • Authenticated remote code execution command injection vulnerability.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell EMC iDRAC6 (Monolithic) Affected: unspecified , < 2.91 (custom)
    Create a notification for this product.
    Dell EMC iDRAC6 (Modular) Affected: unspecified , ≤ 3.85 (custom)
    Create a notification for this product.
    Date Public
    2018-06-26 00:00
    Credits
    Dell EMC would like to thank Arseniy for reporting this issue to us.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:51:48.999Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iDRAC6 (Monolithic)",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "lessThan": "2.91",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iDRAC6 (Modular)",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "lessThanOrEqual": "3.85",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Dell EMC would like to thank Arseniy for reporting this issue to us."
            }
          ],
          "datePublic": "2018-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute arbitrary commands as root on the affected iDRAC system."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authenticated remote code execution command injection vulnerability.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-02T16:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Authenticated remote code execution in iDRAC 6",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-06-26T05:00:00.000Z",
              "ID": "CVE-2018-1212",
              "STATE": "PUBLIC",
              "TITLE": "Authenticated remote code execution in iDRAC 6"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iDRAC6 (Monolithic)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "2.91"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iDRAC6 (Modular)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_value": "3.85"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Dell EMC would like to thank Arseniy for reporting this issue to us."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute arbitrary commands as root on the affected iDRAC system."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Authenticated remote code execution command injection vulnerability."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494",
                  "refsource": "CONFIRM",
                  "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-1212",
        "datePublished": "2018-07-02T17:00:00.000Z",
        "dateReserved": "2017-12-06T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:37:02.877Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-8272 (GCVE-0-2014-8272)

    Vulnerability from nvd – Published: 2014-12-19 11:00 – Updated: 2024-08-06 13:10
    VLAI
    Summary
    The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/BLUU-9RDQHM x_refsource_CONFIRM
    http://www.exploit-db.com/exploits/35770 exploitx_refsource_EXPLOIT-DB
    http://www.kb.cert.org/vuls/id/843044 third-party-advisoryx_refsource_CERT-VN
    Date Public
    2014-12-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T13:10:50.943Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/BLUU-9RDQHM"
              },
              {
                "name": "35770",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/35770"
              },
              {
                "name": "VU#843044",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/843044"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-12-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-02-02T15:57:00.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kb.cert.org/vuls/id/BLUU-9RDQHM"
            },
            {
              "name": "35770",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/35770"
            },
            {
              "name": "VU#843044",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/843044"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2014-8272",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.kb.cert.org/vuls/id/BLUU-9RDQHM",
                  "refsource": "CONFIRM",
                  "url": "http://www.kb.cert.org/vuls/id/BLUU-9RDQHM"
                },
                {
                  "name": "35770",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/35770"
                },
                {
                  "name": "VU#843044",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/843044"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2014-8272",
        "datePublished": "2014-12-19T11:00:00.000Z",
        "dateReserved": "2014-10-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T13:10:50.943Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1212 (GCVE-0-2018-1212)

    Vulnerability from cvelistv5 – Published: 2018-07-02 17:00 – Updated: 2024-09-17 01:37
    VLAI
    Title
    Authenticated remote code execution in iDRAC 6
    Summary
    The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute arbitrary commands as root on the affected iDRAC system.
    CWE
    • Authenticated remote code execution command injection vulnerability.
    Assigner
    References
    Impacted products
    Vendor Product Version
    Dell EMC iDRAC6 (Monolithic) Affected: unspecified , < 2.91 (custom)
    Create a notification for this product.
    Dell EMC iDRAC6 (Modular) Affected: unspecified , ≤ 3.85 (custom)
    Create a notification for this product.
    Date Public
    2018-06-26 00:00
    Credits
    Dell EMC would like to thank Arseniy for reporting this issue to us.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:51:48.999Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "iDRAC6 (Monolithic)",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "lessThan": "2.91",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            },
            {
              "product": "iDRAC6 (Modular)",
              "vendor": "Dell EMC",
              "versions": [
                {
                  "lessThanOrEqual": "3.85",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Dell EMC would like to thank Arseniy for reporting this issue to us."
            }
          ],
          "datePublic": "2018-06-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute arbitrary commands as root on the affected iDRAC system."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Authenticated remote code execution command injection vulnerability.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-07-02T16:57:01.000Z",
            "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
            "shortName": "dell"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Authenticated remote code execution in iDRAC 6",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security_alert@emc.com",
              "DATE_PUBLIC": "2018-06-26T05:00:00.000Z",
              "ID": "CVE-2018-1212",
              "STATE": "PUBLIC",
              "TITLE": "Authenticated remote code execution in iDRAC 6"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "iDRAC6 (Monolithic)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "2.91"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "iDRAC6 (Modular)",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_value": "3.85"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Dell EMC"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Dell EMC would like to thank Arseniy for reporting this issue to us."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions) contains a command injection vulnerability. A remote authenticated malicious iDRAC user with access to the diagnostics console could potentially exploit this vulnerability to execute arbitrary commands as root on the affected iDRAC system."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Authenticated remote code execution command injection vulnerability."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494",
                  "refsource": "CONFIRM",
                  "url": "http://en.community.dell.com/techcenter/extras/m/white_papers/20487494"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "assignerShortName": "dell",
        "cveId": "CVE-2018-1212",
        "datePublished": "2018-07-02T17:00:00.000Z",
        "dateReserved": "2017-12-06T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:37:02.877Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-8272 (GCVE-0-2014-8272)

    Vulnerability from cvelistv5 – Published: 2014-12-19 11:00 – Updated: 2024-08-06 13:10
    VLAI
    Summary
    The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/BLUU-9RDQHM x_refsource_CONFIRM
    http://www.exploit-db.com/exploits/35770 exploitx_refsource_EXPLOIT-DB
    http://www.kb.cert.org/vuls/id/843044 third-party-advisoryx_refsource_CERT-VN
    Date Public
    2014-12-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T13:10:50.943Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/BLUU-9RDQHM"
              },
              {
                "name": "35770",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "http://www.exploit-db.com/exploits/35770"
              },
              {
                "name": "VU#843044",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/843044"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-12-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-02-02T15:57:00.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kb.cert.org/vuls/id/BLUU-9RDQHM"
            },
            {
              "name": "35770",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "http://www.exploit-db.com/exploits/35770"
            },
            {
              "name": "VU#843044",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/843044"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2014-8272",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.kb.cert.org/vuls/id/BLUU-9RDQHM",
                  "refsource": "CONFIRM",
                  "url": "http://www.kb.cert.org/vuls/id/BLUU-9RDQHM"
                },
                {
                  "name": "35770",
                  "refsource": "EXPLOIT-DB",
                  "url": "http://www.exploit-db.com/exploits/35770"
                },
                {
                  "name": "VU#843044",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/843044"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2014-8272",
        "datePublished": "2014-12-19T11:00:00.000Z",
        "dateReserved": "2014-10-12T00:00:00.000Z",
        "dateUpdated": "2024-08-06T13:10:50.943Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }