CVE-2014-8272
CVE-2014-8272 is a medium-severity vulnerability in Dell Idrac6 Modular with a CVSS 2.0 base score of 5.0. Its EPSS exploit-prediction score of 21% places it in the 97th percentile, indicating an elevated likelihood of exploitation.
Key facts
- Severity: Medium (CVSS 2.0 base score 5.0)
- EPSS exploit prediction: 21% (97th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Dell Idrac6 Modular
- Published:
- Last modified:
Description
The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack.
Frequently asked questions
- What is CVE-2014-8272?
- The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack.
- How severe is CVE-2014-8272?
- CVE-2014-8272 has a CVSS 2.0 base score of 5.0, rated medium severity.
- Is CVE-2014-8272 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 21% (97th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2014-8272?
- CVE-2014-8272 primarily affects Dell Idrac6 Modular. In total, 4 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2014-8272?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2014-8272 published?
- CVE-2014-8272 was published on 2014-12-19 and last updated on 2026-06-17.
References
- http://www.exploit-db.com/exploits/35770
- http://www.kb.cert.org/vuls/id/843044
- http://www.kb.cert.org/vuls/id/BLUU-9RDQHM
Affected products (4)
- cpe:2.3:a:dell:idrac6_modular:*:*:*:*:*:*:*:*
- cpe:2.3:a:dell:idrac7:*:*:*:*:*:*:*:*
- cpe:2.3:a:intel:ipmi:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:dell:idrac6_monolithic:*:*:*:*:*:*:*:*
More vulnerabilities in Dell Idrac6 Modular
- CVE-2018-1212 — High (CVSS 8.8): The web-based diagnostics console in Dell EMC iDRAC6 (Monolithic versions prior to 2.91 and Modular all versions)…