Test ID: | 1.3.6.1.4.1.25623.1.0.103840 |
Category: | General |
Title: | IPMI Cipher Suite 0 (Cipher Zero) Authentication Bypass Vulnerability (IPMI Protocol) |
Summary: | Intelligent Platform Management Interface (IPMI) services are prone to an authentication bypass vulnerability through the use of cipher suite 0 (aka cipher zero). |
Description: |
Summary: Intelligent Platform Management Interface (IPMI) services are prone to an authentication bypass vulnerability through the use of cipher suite 0 (aka cipher zero).

Vulnerability Insight: The remote IPMI service accepted a session open request for cipher suite 0 (aka cipher zero).

Vulnerability Impact: Attackers can exploit this issue to gain administrative access to the device and disclose sensitive information.

Affected Software/OS: The following products are known to be affected:
- Supermicro BMC implementation
- Dell iDRAC6 with firmware 1.x before 1.92 and 2.x and 3.x before 3.42, and iDRAC7 with firmware before 1.23.23
- HP Integrated Lights-Out (iLO) BMC implementation
- Raritan PX before 1.5.11 on DPXR20A-16 devices
Other versions or vendors might be affected as well.

Solution:
- Supermicro has released fixes for its BMC firmware, please see the references for more info
- For other vendors: Ask the Vendor for an update / more information
- Disable the usage of cipher suite 0 by following vendor instructions
Please contact the vendor of the remote device for more information.

CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2013-4782
- http://fish2.com/ipmi/cipherzero.html
- http://www.metasploit.com/modules/auxiliary/scanner/ipmi/ipmi_cipher_zero
- http://www.wired.com/threatlevel/2013/07/ipmi/
- https://lists.gnu.org/archive/html/freeipmi-devel/2013-02/msg00013.html
- http://osvdb.org/show/osvdb/93038

Common Vulnerability Exposure (CVE) ID: CVE-2013-4783
- ftp://ftp.dell.com/Manuals/Common/integrated-dell-remote-access-cntrllr-6-for-monolithic-srvr-v1.95_FAQ2_en-us.pdf
- http://en.community.dell.com/techcenter/systems-management/w/wiki/4929.how-to-check-if-ipmi-cipher-0-is-off.aspx
- http://osvdb.org/show/osvdb/93039

Common Vulnerability Exposure (CVE) ID: CVE-2013-4784
- http://osvdb.org/show/osvdb/93040
- XForce ISS Database: hp-ilo-cve20134784-sec-bypass(85569)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/85569

Common Vulnerability Exposure (CVE) ID: CVE-2014-2955
- CERT/CC vulnerability note: VU#712660
- http://www.kb.cert.org/vuls/id/712660
- http://seclists.org/fulldisclosure/2014/Jul/14 |
Copyright | Copyright (C) 2013 Greenbone AG |