ID

VAR-201704-0166


CVE

CVE-2015-7273


TITLE

XML external entity vulnerabilities in Dell iDRAC7 and iDRAC8

Trust: 0.8

sources: JVNDB: JVNDB-2015-007497

DESCRIPTION

Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE. Dell iDRAC7 and iDRAC8 contain an XML external entity vulnerability. An attacker may obtain information, alter information, or disrupt service operation (DoS). A cross-site scripting vulnerability exists in Dell iDRAC 7 and 8 prior to 2.21.21.21. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML.

Trust: 1.8

sources: NVD: CVE-2015-7273 // JVNDB: JVNDB-2015-007497 // VULHUB: VHN-85234 // VULMON: CVE-2015-7273

AFFECTED PRODUCTS

vendor: dell // model: integrated remote access controller // scope: lte // version: 2.20.20.20

Trust: 1.0

vendor: dell // model: idrac7 // scope: lt // version: 2.21.21.21

Trust: 0.8

vendor: dell // model: idrac8 // scope: lt // version: 2.21.21.21

Trust: 0.8

vendor: dell // model: integrated remote access controller // scope: eq // version: 2.20.20.20

Trust: 0.6

sources: JVNDB: JVNDB-2015-007497 // CNNVD: CNNVD-201704-534 // NVD: CVE-2015-7273

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7273
value: CRITICAL

Trust: 1.0

NVD: CVE-2015-7273
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201704-534
value: HIGH

Trust: 0.6

VULHUB: VHN-85234
value: HIGH

Trust: 0.1

VULMON: CVE-2015-7273
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-7273
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-85234
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-7273
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-85234 // VULMON: CVE-2015-7273 // JVNDB: JVNDB-2015-007497 // CNNVD: CNNVD-201704-534 // NVD: CVE-2015-7273

PROBLEMTYPE DATA

problemtype: CWE-611

Trust: 1.9

sources: VULHUB: VHN-85234 // JVNDB: JVNDB-2015-007497 // NVD: CVE-2015-7273

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-534

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201704-534

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-007497

PATCH

title: Dell iDRAC Response to CVE (Common Vulnerabilities and Exposures) ID CVE-2015-7270, 7271, 7272, 7273, 7274, and 7275 - 2 DEC 2015 // url: http://en.community.dell.com/techcenter/extras/m/white_papers/20441859

Trust: 0.8

title: Dell Integrated Remote Access Controller 7 and 8 Fixes for cross-site scripting vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70168

Trust: 0.6

title: - // url: https://github.com/chnzzh/iDRAC-CVE-lib

Trust: 0.1

sources: VULMON: CVE-2015-7273 // JVNDB: JVNDB-2015-007497 // CNNVD: CNNVD-201704-534

EXTERNAL IDS

db: NVD // id: CVE-2015-7273

Trust: 2.6

db: JVNDB // id: JVNDB-2015-007497

Trust: 0.8

db: CNNVD // id: CNNVD-201704-534

Trust: 0.7

db: VULHUB // id: VHN-85234

Trust: 0.1

db: VULMON // id: CVE-2015-7273

Trust: 0.1

sources: VULHUB: VHN-85234 // VULMON: CVE-2015-7273 // JVNDB: JVNDB-2015-007497 // CNNVD: CNNVD-201704-534 // NVD: CVE-2015-7273

REFERENCES

url:http://en.community.dell.com/techcenter/extras/m/white_papers/20441859

Trust: 1.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7273

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2015-7273

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/611.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/chnzzh/idrac-cve-lib

Trust: 0.1

sources: VULHUB: VHN-85234 // VULMON: CVE-2015-7273 // JVNDB: JVNDB-2015-007497 // CNNVD: CNNVD-201704-534 // NVD: CVE-2015-7273

SOURCES

db: VULHUB // id: VHN-85234
db: VULMON // id: CVE-2015-7273
db: JVNDB // id: JVNDB-2015-007497
db: CNNVD // id: CNNVD-201704-534
db: NVD // id: CVE-2015-7273

LAST UPDATE DATE

2025-04-20T23:20:03.141000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-85234 // date: 2017-04-14T00:00:00
db: VULMON // id: CVE-2015-7273 // date: 2017-04-14T00:00:00
db: JVNDB // id: JVNDB-2015-007497 // date: 2017-05-15T00:00:00
db: CNNVD // id: CNNVD-201704-534 // date: 2017-05-18T00:00:00
db: NVD // id: CVE-2015-7273 // date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB // id: VHN-85234 // date: 2017-04-10T00:00:00
db: VULMON // id: CVE-2015-7273 // date: 2017-04-10T00:00:00
db: JVNDB // id: JVNDB-2015-007497 // date: 2017-05-15T00:00:00
db: CNNVD // id: CNNVD-201704-534 // date: 2017-04-09T00:00:00
db: NVD // id: CVE-2015-7273 // date: 2017-04-10T03:59:00.827