VAR-201412-0537
Vulnerability from variot - Updated: 2023-12-18 12:57The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack. Intelligent Platform Management Interface (IPMI) v1.5 Multiple implementations of the protocol Dell iDRAC The product contains a command injection vulnerability due to a session management issue. CWE-330: Use of Insufficiently Random Values http://cwe.mitre.org/data/definitions/330.html Sessions where random values should be used ID Is assigned regularly, so Dell iDRAC Next session used by the user logged in ID May be guessed. Also session ID Because the range of values used as is small, it is easy to guess by brute force attacks. Dell Computer Corporation, Inc. Information for VU#843044 (http://www.kb.cert.org/vuls/id/BLUU-9RDQHM) Then Dell Says: * The legacy nature of the IPMI 1.5 protocol exposes several weaknesses in * the overall design and implementation. These are: * Use of an insecure (unencrypted) channel for communication. * Poor password management including limited password length. * Limited session management capability. * These weaknesses are inherent in the overall design and implementation * of the protocol, therefore support for the IPMI 1.5 version of the protocol * has been permanently removed. This means that it will not be possible to * reactivate or enable it in an operational setting.By a remote third party, Dell iDRAC Could be hijacked to connect to and execute arbitrary commands. Multiple Dell iDRAC Products are prone to a vulnerability that lets attackers inject arbitrary commands. Successful exploits will allow attackers to execute arbitrary commands in the context of the affected application. This may further aid in other attacks. Dell iDRAC6 modular, iDRAC6 monolithic and iDRAC7 are all system management solutions from Dell (Dell) including hardware and software. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems. , which provides the ability to monitor, control, and automatically report on the health of a large number of servers. A security vulnerability exists in IPMI version 1.5 of several Dell products. The following products and versions are affected: Dell iDRAC6 modular 3.60 and earlier, iDRAC6 monolithic 1.97 and earlier, iDRAC7 1.56.55 and earlier
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201412-0537",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ipmi",
"scope": "eq",
"trust": 1.8,
"vendor": "intel",
"version": "1.5"
},
{
"model": "idrac6 modular",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "3.60"
},
{
"model": "idrac6 monolithic",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "1.97"
},
{
"model": "idrac7",
"scope": "lte",
"trust": 1.0,
"vendor": "dell",
"version": "1.56.55"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dell computer",
"version": null
},
{
"model": "idrac6 modular",
"scope": "lte",
"trust": 0.8,
"vendor": "dell",
"version": "version 3.60"
},
{
"model": "idrac6 monolithic",
"scope": "lte",
"trust": 0.8,
"vendor": "dell",
"version": "version 1.97"
},
{
"model": "idrac7 module",
"scope": "lte",
"trust": 0.8,
"vendor": "dell",
"version": "version 1.56.55"
},
{
"model": "idrac6 modular",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "3.60"
},
{
"model": "idrac7",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": "1.56.55"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#843044"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007308"
},
{
"db": "NVD",
"id": "CVE-2014-8272"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-429"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:dell:idrac6_modular:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.60",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:dell:idrac7:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.56.55",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:intel:ipmi:1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:dell:idrac6_monolithic:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.97",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8272"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yong Chuan Koh",
"sources": [
{
"db": "BID",
"id": "71750"
}
],
"trust": 0.3
},
"cve": "CVE-2014-8272",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "HIGH",
"baseScore": 10.0,
"collateralDamagePotential": "LOW-MEDIUM",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "HIGH",
"enviromentalScore": 6.4,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 10.0,
"id": "CVE-2014-8272",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"integrityRequirement": "HIGH",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "OFFICIAL FIX",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "MEDIUM",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2014-007308",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-76217",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-8272",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-8272",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-8272",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2014-007308",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201412-429",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-76217",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2014-8272",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#843044"
},
{
"db": "VULHUB",
"id": "VHN-76217"
},
{
"db": "VULMON",
"id": "CVE-2014-8272"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007308"
},
{
"db": "NVD",
"id": "CVE-2014-8272"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-429"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack. Intelligent Platform Management Interface (IPMI) v1.5 Multiple implementations of the protocol Dell iDRAC The product contains a command injection vulnerability due to a session management issue. CWE-330: Use of Insufficiently Random Values http://cwe.mitre.org/data/definitions/330.html Sessions where random values should be used ID Is assigned regularly, so Dell iDRAC Next session used by the user logged in ID May be guessed. Also session ID Because the range of values used as is small, it is easy to guess by brute force attacks. Dell Computer Corporation, Inc. Information for VU#843044 (http://www.kb.cert.org/vuls/id/BLUU-9RDQHM) Then Dell Says: * The legacy nature of the IPMI 1.5 protocol exposes several weaknesses in * the overall design and implementation. These are: * Use of an insecure (unencrypted) channel for communication. * Poor password management including limited password length. * Limited session management capability. * These weaknesses are inherent in the overall design and implementation * of the protocol, therefore support for the IPMI 1.5 version of the protocol * has been permanently removed. This means that it will not be possible to * reactivate or enable it in an operational setting.By a remote third party, Dell iDRAC Could be hijacked to connect to and execute arbitrary commands. Multiple Dell iDRAC Products are prone to a vulnerability that lets attackers inject arbitrary commands. \nSuccessful exploits will allow attackers to execute arbitrary commands in the context of the affected application. This may further aid in other attacks. Dell iDRAC6 modular, iDRAC6 monolithic and iDRAC7 are all system management solutions from Dell (Dell) including hardware and software. This solution provides functions such as remote management, crash recovery and power control for Dell PowerEdge systems. , which provides the ability to monitor, control, and automatically report on the health of a large number of servers. A security vulnerability exists in IPMI version 1.5 of several Dell products. The following products and versions are affected: Dell iDRAC6 modular 3.60 and earlier, iDRAC6 monolithic 1.97 and earlier, iDRAC7 1.56.55 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8272"
},
{
"db": "CERT/CC",
"id": "VU#843044"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007308"
},
{
"db": "BID",
"id": "71750"
},
{
"db": "VULHUB",
"id": "VHN-76217"
},
{
"db": "VULMON",
"id": "CVE-2014-8272"
}
],
"trust": 2.79
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-76217",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=35770",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-76217"
},
{
"db": "VULMON",
"id": "CVE-2014-8272"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-8272",
"trust": 3.7
},
{
"db": "CERT/CC",
"id": "VU#843044",
"trust": 3.7
},
{
"db": "EXPLOIT-DB",
"id": "35770",
"trust": 1.2
},
{
"db": "JVN",
"id": "JVNVU90515133",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007308",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201412-429",
"trust": 0.7
},
{
"db": "BID",
"id": "71750",
"trust": 0.4
},
{
"db": "SEEBUG",
"id": "SSVID-90211",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "129952",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-76217",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-8272",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#843044"
},
{
"db": "VULHUB",
"id": "VHN-76217"
},
{
"db": "VULMON",
"id": "CVE-2014-8272"
},
{
"db": "BID",
"id": "71750"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007308"
},
{
"db": "NVD",
"id": "CVE-2014-8272"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-429"
}
]
},
"id": "VAR-201412-0537",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-76217"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:57:50.319000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Intelligent Platform Management Interface (IPMI) Information",
"trust": 0.8,
"url": "http://www.intel.com/content/www/us/en/servers/ipmi/ipmi-home.html"
},
{
"title": "DELL iDRAC 1.57.57 Driver Details",
"trust": 0.8,
"url": "http://www.dell.com/support/home/us/en/19/drivers/driversdetails?driverid=xh6fx"
},
{
"title": "iDRAC6 Monolithic Release 1.98 Driver Details",
"trust": 0.8,
"url": "http://www.dell.com/support/home/us/en/19/drivers/driversdetails?driverid=78m0v"
},
{
"title": "iDRAC6 MODULAR 3.65 release Driver Details",
"trust": 0.8,
"url": "http://www.dell.com/support/home/us/en/19/drivers/driversdetails?driverid=61w8x"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/tdrft6/awesome-rat-master "
},
{
"title": "Awesome-RATs",
"trust": 0.1,
"url": "https://github.com/blackhat-ssg/awesome-rats "
},
{
"title": "RAT-Army",
"trust": 0.1,
"url": "https://github.com/dailyhijacks/rat-army "
},
{
"title": "Rat-Pack",
"trust": 0.1,
"url": "https://github.com/imtheblackpantherxd/rat-pack "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-8272"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007308"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007308"
},
{
"db": "NVD",
"id": "CVE-2014-8272"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://www.kb.cert.org/vuls/id/843044"
},
{
"trust": 2.6,
"url": "http://www.kb.cert.org/vuls/id/bluu-9rdqhm"
},
{
"trust": 1.2,
"url": "http://www.exploit-db.com/exploits/35770"
},
{
"trust": 0.8,
"url": "http://www.dell.com/support/home/us/en/19/drivers/driversdetails?driverid=61w8x"
},
{
"trust": 0.8,
"url": "http://www.dell.com/support/home/us/en/19/drivers/driversdetails?driverid=78m0v"
},
{
"trust": 0.8,
"url": "http://www.dell.com/support/home/us/en/19/drivers/driversdetails?driverid=xh6fx"
},
{
"trust": 0.8,
"url": "http://www.intel.com/content/www/us/en/servers/ipmi/second-gen-interface-spec-v2-rev1-4.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8272"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu90515133/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8272"
},
{
"trust": 0.3,
"url": "http://en.community.dell.com/techcenter/systems-management/w/wiki/4357.idrac6-home.aspx"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=36819"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/35770/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#843044"
},
{
"db": "VULHUB",
"id": "VHN-76217"
},
{
"db": "VULMON",
"id": "CVE-2014-8272"
},
{
"db": "BID",
"id": "71750"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007308"
},
{
"db": "NVD",
"id": "CVE-2014-8272"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-429"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#843044"
},
{
"db": "VULHUB",
"id": "VHN-76217"
},
{
"db": "VULMON",
"id": "CVE-2014-8272"
},
{
"db": "BID",
"id": "71750"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007308"
},
{
"db": "NVD",
"id": "CVE-2014-8272"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-429"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-18T00:00:00",
"db": "CERT/CC",
"id": "VU#843044"
},
{
"date": "2014-12-19T00:00:00",
"db": "VULHUB",
"id": "VHN-76217"
},
{
"date": "2014-12-19T00:00:00",
"db": "VULMON",
"id": "CVE-2014-8272"
},
{
"date": "2014-12-19T00:00:00",
"db": "BID",
"id": "71750"
},
{
"date": "2014-12-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007308"
},
{
"date": "2014-12-19T11:59:05.290000",
"db": "NVD",
"id": "CVE-2014-8272"
},
{
"date": "2014-12-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-429"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-18T00:00:00",
"db": "CERT/CC",
"id": "VU#843044"
},
{
"date": "2015-02-05T00:00:00",
"db": "VULHUB",
"id": "VHN-76217"
},
{
"date": "2015-02-05T00:00:00",
"db": "VULMON",
"id": "CVE-2014-8272"
},
{
"date": "2014-12-19T00:00:00",
"db": "BID",
"id": "71750"
},
{
"date": "2014-12-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007308"
},
{
"date": "2015-02-05T20:13:24.463000",
"db": "NVD",
"id": "CVE-2014-8272"
},
{
"date": "2014-12-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-429"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201412-429"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Dell iDRAC IPMI v1.5 implementations use insufficiently random session ID values",
"sources": [
{
"db": "CERT/CC",
"id": "VU#843044"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201412-429"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…