Details of VAR-201704-0167

ID

VAR-201704-0167

CVE

CVE-2015-7274

TITLE

Dell iDRAC6 For any administrator in HTTP Command execution vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-007498

DESCRIPTION

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows remote attackers to execute arbitrary administrative HTTP commands. This may further aid in other attacks. Versions prior to Dell iDRAC6 2.80 are vulnerable. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems

Trust: 2.34

sources: NVD: CVE-2015-7274 // JVNDB: JVNDB-2015-007498 // BID: 97546 // BID: 97545 // VULHUB: VHN-85235 // VULMON: CVE-2015-7274

AFFECTED PRODUCTS

vendor:	dell	model:	integrated remote access controller	scope:	lte	version:	1.99	Trust: 1.0
vendor:	dell	model:	idrac6	scope:	lt	version:	2.80	Trust: 0.8
vendor:	dell	model:	idrac6	scope:	eq	version:	1.95	Trust: 0.6
vendor:	dell	model:	idrac6	scope:	eq	version:	1.7	Trust: 0.6
vendor:	dell	model:	idrac6	scope:	eq	version:	1.41	Trust: 0.6
vendor:	dell	model:	idrac6	scope:	ne	version:	2.80	Trust: 0.6
vendor:	dell	model:	integrated remote access controller	scope:	eq	version:	1.99	Trust: 0.6

sources: BID: 97546 // BID: 97545 // JVNDB: JVNDB-2015-007498 // CNNVD: CNNVD-201704-533 // NVD: CVE-2015-7274

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-7274
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-7274
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201704-533
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-85235
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2015-7274
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-7274
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-85235
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-7274
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-85235 // VULMON: CVE-2015-7274 // JVNDB: JVNDB-2015-007498 // CNNVD: CNNVD-201704-533 // NVD: CVE-2015-7274

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-85235 // JVNDB: JVNDB-2015-007498 // NVD: CVE-2015-7274

THREAT TYPE

network

Trust: 0.6

sources: BID: 97546 // BID: 97545

TYPE

Input Validation Error

Trust: 0.6

sources: BID: 97546 // BID: 97545

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-007498

PATCH

title:	Dell iDRAC Response to CVE (Common Vulnerabilities and Exposures) ID CVE-2015-7270, 7271, 7272, 7273, 7274, and 7275 - 2 DEC 2015	url:	http://en.community.dell.com/techcenter/extras/m/white_papers/20441859	Trust: 0.8
title:	Dell Integrated Remote Access Controller 6 Fixes for permission permissions and access control vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70167	Trust: 0.6
title:	-	url:	https://github.com/chnzzh/iDRAC-CVE-lib	Trust: 0.1

sources: VULMON: CVE-2015-7274 // JVNDB: JVNDB-2015-007498 // CNNVD: CNNVD-201704-533

EXTERNAL IDS

db:	NVD	id:	CVE-2015-7274	Trust: 2.9
db:	BID	id:	97546	Trust: 1.5
db:	BID	id:	97545	Trust: 1.5
db:	JVNDB	id:	JVNDB-2015-007498	Trust: 0.8
db:	CNNVD	id:	CNNVD-201704-533	Trust: 0.7
db:	VULHUB	id:	VHN-85235	Trust: 0.1
db:	VULMON	id:	CVE-2015-7274	Trust: 0.1

sources: VULHUB: VHN-85235 // VULMON: CVE-2015-7274 // BID: 97546 // BID: 97545 // JVNDB: JVNDB-2015-007498 // CNNVD: CNNVD-201704-533 // NVD: CVE-2015-7274

REFERENCES

url:	http://en.community.dell.com/techcenter/extras/m/white_papers/20441859	Trust: 2.1
url:	http://www.securityfocus.com/bid/97546	Trust: 1.3
url:	http://www.securityfocus.com/bid/97545	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7274	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7274	Trust: 0.8
url:	http://en.community.dell.com/techcenter/systems-management/w/wiki/4357.idrac6-home.aspx	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/264.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/chnzzh/idrac-cve-lib	Trust: 0.1

sources: VULHUB: VHN-85235 // VULMON: CVE-2015-7274 // BID: 97546 // BID: 97545 // JVNDB: JVNDB-2015-007498 // CNNVD: CNNVD-201704-533 // NVD: CVE-2015-7274

CREDITS

The vendor reported this issue.

Trust: 0.6

sources: BID: 97546 // BID: 97545

SOURCES

db:	VULHUB	id:	VHN-85235
db:	VULMON	id:	CVE-2015-7274
db:	BID	id:	97546
db:	BID	id:	97545
db:	JVNDB	id:	JVNDB-2015-007498
db:	CNNVD	id:	CNNVD-201704-533
db:	NVD	id:	CVE-2015-7274

LAST UPDATE DATE

2025-04-20T23:25:05.307000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-85235	date:	2017-04-14T00:00:00
db:	VULMON	id:	CVE-2015-7274	date:	2017-04-14T00:00:00
db:	BID	id:	97546	date:	2017-04-18T01:03:00
db:	BID	id:	97545	date:	2017-04-18T00:03:00
db:	JVNDB	id:	JVNDB-2015-007498	date:	2017-05-15T00:00:00
db:	CNNVD	id:	CNNVD-201704-533	date:	2017-05-18T00:00:00
db:	NVD	id:	CVE-2015-7274	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-85235	date:	2017-04-10T00:00:00
db:	VULMON	id:	CVE-2015-7274	date:	2017-04-10T00:00:00
db:	BID	id:	97546	date:	2017-04-09T00:00:00
db:	BID	id:	97545	date:	2017-04-09T00:00:00
db:	JVNDB	id:	JVNDB-2015-007498	date:	2017-05-15T00:00:00
db:	CNNVD	id:	CNNVD-201704-533	date:	2017-04-09T00:00:00
db:	NVD	id:	CVE-2015-7274	date:	2017-04-10T03:59:00.857