CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
77.9%
Raritan PX power distribution software version 01.05.08 and previous running on a model DPXR20A-16 device allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.
CWE-287: Improper Authentication- CVE-2014-2955
Raritan PX power distribution software version 01.05.08 and previous running on a model DPXR20A-16 device allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. Other product models and software versions may also be affected.
A remote unauthenticated attacker may be able to login and administer the device with full permissions of the compromised account.
Apply an Update
Raritan has provided a limited availability release, version 1.5.11. Raritan advises users to contact their sales or technical support for more details on how to obtain the release.
Restrict Access
Appropriate firewall rules and VLAN segmentation should be implemented so the management interface is not accessible from the general network.
712660
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: May 19, 2014 Updated: July 10, 2014
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Temporal | 9 | E:H/RL:TF/RC:C |
Environmental | 7.0 | CDP:LM/TD:M/CR:H/IR:H/AR:H |
Thanks to Joerg Kost for reporting this vulnerability.
This document was written by Chris King.
CVE IDs: | CVE-2014-2955 |
---|---|
Date Public: | 2014-07-10 Date First Published: |