ID

VAR-201704-0168


CVE

CVE-2015-7275


TITLE

Cross-site scripting vulnerability in multiple Dell iDRAC products

Trust: 0.8

sources: JVNDB: JVNDB-2015-007499

DESCRIPTION

Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS. Dell iDRAC6, iDRAC7 and iDRAC8 contain a cross-site scripting vulnerability. Information may be obtained and information may be altered. Multiple Dell iDRAC products are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. The following products are vulnerable: Dell iDRAC6 versions prior to 2.85; Dell iDRAC7 versions prior to 2.30.30.30; Dell iDRAC8 versions prior to 2.30.30.30. The iDRAC solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML.

Trust: 2.07

sources: NVD: CVE-2015-7275 // JVNDB: JVNDB-2015-007499 // BID: 97520 // VULHUB: VHN-85236 // VULMON: CVE-2015-7275

AFFECTED PRODUCTS

vendor: dell | model: integrated remote access controller | scope: lte | version: 2.80

Trust: 1.0

vendor: dell | model: integrated remote access controller | scope: lte | version: 2.21.21.21

Trust: 1.0

vendor: dell | model: idrac6 | scope: lt | version: 2.85

Trust: 0.8

vendor: dell | model: idrac7 | scope: lt | version: 2.30.30.30

Trust: 0.8

vendor: dell | model: idrac8 | scope: lt | version: 2.30.30.30

Trust: 0.8

vendor: dell | model: integrated remote access controller | scope: eq | version: 2.21.21.21

Trust: 0.6

vendor: dell | model: integrated remote access controller | scope: eq | version: 2.80

Trust: 0.6

vendor: dell | model: idrac8 | scope: eq | version: 2.30

Trust: 0.3

vendor: dell | model: idrac7 | scope: eq | version: 2.30

Trust: 0.3

vendor: dell | model: idrac7 | scope: eq | version: 1.57.57

Trust: 0.3

vendor: dell | model: idrac7 | scope: eq | version: 1.56.55

Trust: 0.3

vendor: dell | model: idrac6 | scope: eq | version: 2.80

Trust: 0.3

vendor: dell | model: idrac6 | scope: eq | version: 1.95

Trust: 0.3

vendor: dell | model: idrac6 | scope: eq | version: 1.7

Trust: 0.3

vendor: dell | model: idrac6 | scope: eq | version: 1.41

Trust: 0.3

vendor: dell | model: idrac8 | scope: ne | version: 2.30.30.30

Trust: 0.3

vendor: dell | model: idrac7 | scope: ne | version: 2.30.30.30

Trust: 0.3

vendor: dell | model: idrac6 | scope: ne | version: 2.85

Trust: 0.3

sources: BID: 97520 // JVNDB: JVNDB-2015-007499 // CNNVD: CNNVD-201704-532 // NVD: CVE-2015-7275

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7275
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-7275
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201704-532
value: MEDIUM

Trust: 0.6

VULHUB: VHN-85236
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-7275
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-7275
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-85236
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-7275
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-85236 // VULMON: CVE-2015-7275 // JVNDB: JVNDB-2015-007499 // CNNVD: CNNVD-201704-532 // NVD: CVE-2015-7275

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-85236 // JVNDB: JVNDB-2015-007499 // NVD: CVE-2015-7275

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-532

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201704-532

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-007499

PATCH

title: Dell iDRAC Response to CVE (Common Vulnerabilities and Exposures) ID CVE-2015-7270, 7271, 7272, 7273, 7274, and 7275 - 2 DEC 2015 | url: http://en.community.dell.com/techcenter/extras/m/white_papers/20441859

Trust: 0.8

title: Dell Integrated Remote Access Controller 6, 7 and 8 Fixes for cross-site scripting vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70166

Trust: 0.6

title: - | url: https://github.com/chnzzh/iDRAC-CVE-lib

Trust: 0.1

sources: VULMON: CVE-2015-7275 // JVNDB: JVNDB-2015-007499 // CNNVD: CNNVD-201704-532

EXTERNAL IDS

db: NVD | id: CVE-2015-7275

Trust: 2.9

db: BID | id: 97520

Trust: 1.5

db: JVNDB | id: JVNDB-2015-007499

Trust: 0.8

db: CNNVD | id: CNNVD-201704-532

Trust: 0.7

db: VULHUB | id: VHN-85236

Trust: 0.1

db: VULMON | id: CVE-2015-7275

Trust: 0.1

sources: VULHUB: VHN-85236 // VULMON: CVE-2015-7275 // BID: 97520 // JVNDB: JVNDB-2015-007499 // CNNVD: CNNVD-201704-532 // NVD: CVE-2015-7275

REFERENCES

url:http://en.community.dell.com/techcenter/extras/m/white_papers/20441859

Trust: 2.1

url:http://www.securityfocus.com/bid/97520

Trust: 1.3

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7275

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2015-7275

Trust: 0.8

url:http://dell.com

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/chnzzh/idrac-cve-lib

Trust: 0.1

sources: VULHUB: VHN-85236 // VULMON: CVE-2015-7275 // BID: 97520 // JVNDB: JVNDB-2015-007499 // CNNVD: CNNVD-201704-532 // NVD: CVE-2015-7275

CREDITS

Google Infrastructure Security Assurance

Trust: 0.3

sources: BID: 97520

SOURCES

db: VULHUB | id: VHN-85236
db: VULMON | id: CVE-2015-7275
db: BID | id: 97520
db: JVNDB | id: JVNDB-2015-007499
db: CNNVD | id: CNNVD-201704-532
db: NVD | id: CVE-2015-7275

LAST UPDATE DATE

2025-04-20T23:27:26.719000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-85236 | date: 2017-04-14T00:00:00
db: VULMON | id: CVE-2015-7275 | date: 2017-04-14T00:00:00
db: BID | id: 97520 | date: 2017-04-11T00:04:00
db: JVNDB | id: JVNDB-2015-007499 | date: 2017-05-15T00:00:00
db: CNNVD | id: CNNVD-201704-532 | date: 2017-05-18T00:00:00
db: NVD | id: CVE-2015-7275 | date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB | id: VHN-85236 | date: 2017-04-10T00:00:00
db: VULMON | id: CVE-2015-7275 | date: 2017-04-10T00:00:00
db: BID | id: 97520 | date: 2017-04-10T00:00:00
db: JVNDB | id: JVNDB-2015-007499 | date: 2017-05-15T00:00:00
db: CNNVD | id: CNNVD-201704-532 | date: 2017-04-09T00:00:00
db: NVD | id: CVE-2015-7275 | date: 2017-04-10T03:59:00.890