Overview
- Description
- The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 monolithic before 1.98, and iDRAC7 before 1.57.57 does not properly select session ID values, which makes it easier for remote attackers to execute arbitrary commands via a brute-force attack.
- Source
- cret@cert.org
- NVD status
- Analyzed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Social media
- Hype score
- Not currently trending
Evaluator
- Comment
- <a href="http://cwe.mitre.org/data/definitions/330.html">CWE-330: Use of Insufficiently Random Values</a>
- Impact
- -
- Solution
- -
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:idrac6_modular:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A460E054-878C-4E63-945F-7FC03D07E302",
"versionEndIncluding": "3.60"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:idrac7:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A4DBDA63-E3CD-486A-864A-9C9B078ACC97",
"versionEndIncluding": "1.56.55"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:intel:ipmi:1.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "21DFF96C-EBE3-4CAC-B281-50C0A2728C10"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dell:idrac6_monolithic:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B3D463D1-92B9-481C-BC39-3E5EDA630A3E",
"versionEndIncluding": "1.97"
}
],
"operator": "OR"
}
]
}
]