iDRAC

Yong Chuan Koh
8 Jan 2015

CVE-2014-8272: A Case of Weak Session-ID in Dell iDRAC

A vulnerability in Dell iDRAC's IPMI v1.5 implementation allows unauthenticated attackers to predict session IDs. The weak session ID generation mechanism enables attackers to inject arbitrary commands into privileged sessions by exploiting predictable session identification. The vulnerability potentially allows privilege escalation across different IPMI communication channels.