Details of VAR-201412-0537

ID

VAR-201412-0537

CVE

CVE-2014-8272

TITLE

Multiple Dell iDRAC IPMI v1.5 implementations use insufficiently random session ID values

Trust: 0.8

sources: CERT/CC: VU#843044

DESCRIPTION

The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack. Intelligent Platform Management Interface (IPMI) v1.5 Multiple implementations of the protocol Dell iDRAC The product contains a command injection vulnerability due to a session management issue. CWE-330: Use of Insufficiently Random Values http://cwe.mitre.org/data/definitions/330.html Sessions where random values should be used ID Is assigned regularly, so Dell iDRAC Next session used by the user logged in ID May be guessed. Also session ID Because the range of values used as is small, it is easy to guess by brute force attacks. Dell Computer Corporation, Inc. Information for VU#843044 (http://www.kb.cert.org/vuls/id/BLUU-9RDQHM) Then Dell Says: * The legacy nature of the IPMI 1.5 protocol exposes several weaknesses in * the overall design and implementation. These are: * Use of an insecure (unencrypted) channel for communication. * Poor password management including limited password length. * Limited session management capability. * These weaknesses are inherent in the overall design and implementation * of the protocol, therefore support for the IPMI 1.5 version of the protocol * has been permanently removed. This means that it will not be possible to * reactivate or enable it in an operational setting.By a remote third party, Dell iDRAC Could be hijacked to connect to and execute arbitrary commands. Multiple Dell iDRAC Products are prone to a vulnerability that lets attackers inject arbitrary commands. Successful exploits will allow attackers to execute arbitrary commands in the context of the affected application. This may further aid in other attacks. Dell iDRAC6 modular, iDRAC6 monolithic and iDRAC7 are all system management solutions from Dell (Dell) including hardware and software. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems. , which provides the ability to monitor, control, and automatically report on the health of a large number of servers. A security vulnerability exists in IPMI version 1.5 of several Dell products. The following products and versions are affected: Dell iDRAC6 modular 3.60 and earlier, iDRAC6 monolithic 1.97 and earlier, iDRAC7 1.56.55 and earlier

Trust: 2.79

sources: NVD: CVE-2014-8272 // CERT/CC: VU#843044 // JVNDB: JVNDB-2014-007308 // BID: 71750 // VULHUB: VHN-76217 // VULMON: CVE-2014-8272

AFFECTED PRODUCTS

vendor:	intel	model:	ipmi	scope:	eq	version:	1.5	Trust: 1.8
vendor:	dell	model:	idrac7	scope:	lte	version:	1.56.55	Trust: 1.0
vendor:	dell	model:	idrac6 modular	scope:	lte	version:	3.60	Trust: 1.0
vendor:	dell	model:	idrac6 monolithic	scope:	lte	version:	1.97	Trust: 1.0
vendor:	dell computer	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	dell	model:	idrac6 modular	scope:	lte	version:	version 3.60	Trust: 0.8
vendor:	dell	model:	idrac6 monolithic	scope:	lte	version:	version 1.97	Trust: 0.8
vendor:	dell	model:	idrac7 module	scope:	lte	version:	version 1.56.55	Trust: 0.8
vendor:	dell	model:	idrac6 modular	scope:	eq	version:	3.60	Trust: 0.6
vendor:	dell	model:	idrac7	scope:	eq	version:	1.56.55	Trust: 0.6

sources: CERT/CC: VU#843044 // JVNDB: JVNDB-2014-007308 // CNNVD: CNNVD-201412-429 // NVD: CVE-2014-8272

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-8272
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-8272
value:	HIGH
Trust: 0.8
IPA:	JVNDB-2014-007308
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201412-429
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-76217
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2014-8272
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-8272
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	CVE-2014-8272
severity:	HIGH
baseScore:	10.0
vectorString:	NONE
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
IPA:	JVNDB-2014-007308
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-76217
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#843044 // VULHUB: VHN-76217 // VULMON: CVE-2014-8272 // JVNDB: JVNDB-2014-007308 // CNNVD: CNNVD-201412-429 // NVD: CVE-2014-8272

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2014-007308 // NVD: CVE-2014-8272

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201412-429

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201412-429

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-007308

EXPLOIT AVAILABILITY

sources: CERT/CC: VU#843044 // VULHUB: VHN-76217 // VULMON: CVE-2014-8272

PATCH

title:	Intelligent Platform Management Interface (IPMI) Information	url:	http://www.intel.com/content/www/us/en/servers/ipmi/ipmi-home.html	Trust: 0.8
title:	DELL iDRAC 1.57.57 Driver Details	url:	http://www.dell.com/support/home/us/en/19/Drivers/DriversDetails?driverId=XH6FX	Trust: 0.8
title:	iDRAC6 Monolithic Release 1.98 Driver Details	url:	http://www.dell.com/support/home/us/en/19/Drivers/DriversDetails?driverId=78M0V	Trust: 0.8
title:	iDRAC6 MODULAR 3.65 release Driver Details	url:	http://www.dell.com/support/home/us/en/19/Drivers/DriversDetails?driverId=61W8X	Trust: 0.8
title:	-	url:	https://github.com/tdrft6/awesome-rat-master	Trust: 0.1
title:	Awesome-RATs	url:	https://github.com/BLACKHAT-SSG/Awesome-RATs	Trust: 0.1
title:	RAT-Army	url:	https://github.com/DAILYHIJACKS/RAT-Army	Trust: 0.1
title:	Rat-Pack	url:	https://github.com/imtheblackpantherXD/Rat-Pack	Trust: 0.1

sources: VULMON: CVE-2014-8272 // JVNDB: JVNDB-2014-007308

EXTERNAL IDS

db:	CERT/CC	id:	VU#843044	Trust: 3.7
db:	NVD	id:	CVE-2014-8272	Trust: 2.9
db:	EXPLOIT-DB	id:	35770	Trust: 1.2
db:	JVN	id:	JVNVU90515133	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-007308	Trust: 0.8
db:	CNNVD	id:	CNNVD-201412-429	Trust: 0.7
db:	BID	id:	71750	Trust: 0.4
db:	SEEBUG	id:	SSVID-90211	Trust: 0.1
db:	PACKETSTORM	id:	129952	Trust: 0.1
db:	VULHUB	id:	VHN-76217	Trust: 0.1
db:	VULMON	id:	CVE-2014-8272	Trust: 0.1

sources: CERT/CC: VU#843044 // VULHUB: VHN-76217 // VULMON: CVE-2014-8272 // BID: 71750 // JVNDB: JVNDB-2014-007308 // CNNVD: CNNVD-201412-429 // NVD: CVE-2014-8272

REFERENCES

url:	http://www.kb.cert.org/vuls/id/843044	Trust: 3.0
url:	http://www.kb.cert.org/vuls/id/bluu-9rdqhm	Trust: 2.6
url:	http://www.exploit-db.com/exploits/35770	Trust: 1.2
url:	http://www.dell.com/support/home/us/en/19/drivers/driversdetails?driverid=61w8x	Trust: 0.8
url:	http://www.dell.com/support/home/us/en/19/drivers/driversdetails?driverid=78m0v	Trust: 0.8
url:	http://www.dell.com/support/home/us/en/19/drivers/driversdetails?driverid=xh6fx	Trust: 0.8
url:	http://www.intel.com/content/www/us/en/servers/ipmi/second-gen-interface-spec-v2-rev1-4.html	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8272	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu90515133/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8272	Trust: 0.8
url:	http://en.community.dell.com/techcenter/systems-management/w/wiki/4357.idrac6-home.aspx	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=36819	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.exploit-db.com/exploits/35770/	Trust: 0.1

sources: CERT/CC: VU#843044 // VULHUB: VHN-76217 // VULMON: CVE-2014-8272 // BID: 71750 // JVNDB: JVNDB-2014-007308 // CNNVD: CNNVD-201412-429 // NVD: CVE-2014-8272

CREDITS

Yong Chuan Koh

Trust: 0.3

sources: BID: 71750

SOURCES

db:	CERT/CC	id:	VU#843044
db:	VULHUB	id:	VHN-76217
db:	VULMON	id:	CVE-2014-8272
db:	BID	id:	71750
db:	JVNDB	id:	JVNDB-2014-007308
db:	CNNVD	id:	CNNVD-201412-429
db:	NVD	id:	CVE-2014-8272

LAST UPDATE DATE

2025-04-13T23:39:39.889000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#843044	date:	2014-12-18T00:00:00
db:	VULHUB	id:	VHN-76217	date:	2015-02-05T00:00:00
db:	VULMON	id:	CVE-2014-8272	date:	2015-02-05T00:00:00
db:	BID	id:	71750	date:	2014-12-19T00:00:00
db:	JVNDB	id:	JVNDB-2014-007308	date:	2014-12-22T00:00:00
db:	CNNVD	id:	CNNVD-201412-429	date:	2014-12-22T00:00:00
db:	NVD	id:	CVE-2014-8272	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#843044	date:	2014-12-18T00:00:00
db:	VULHUB	id:	VHN-76217	date:	2014-12-19T00:00:00
db:	VULMON	id:	CVE-2014-8272	date:	2014-12-19T00:00:00
db:	BID	id:	71750	date:	2014-12-19T00:00:00
db:	JVNDB	id:	JVNDB-2014-007308	date:	2014-12-22T00:00:00
db:	CNNVD	id:	CNNVD-201412-429	date:	2014-12-22T00:00:00
db:	NVD	id:	CVE-2014-8272	date:	2014-12-19T11:59:05.290