Unrated severityNVD Advisory· Published Dec 19, 2014· Updated May 6, 2026

CVE-2014-8272

Description

The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack.

Affected products

Dell/Idrac6 Modular
cpe:2.3:a:dell:idrac6_modular:*:*:*:*:*:*:*:*
Range: <=3.60
Dell/Idrac7
cpe:2.3:a:dell:idrac7:*:*:*:*:*:*:*:*
Range: <=1.56.55
Intel/Ipmi
cpe:2.3:a:intel:ipmi:1.5:*:*:*:*:*:*:*
Dell/Idrac6 Monolithic
cpe:2.3:a:dell:idrac6_monolithic:*:*:*:*:*:*:*:*
Range: <=1.97

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/35770nvdExploit
www.kb.cert.org/vuls/id/843044nvdThird Party AdvisoryUS Government Resource
www.kb.cert.org/vuls/id/BLUU-9RDQHMnvdThird Party AdvisoryUS Government Resource

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.048
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000