Lucene search

[email protected]CVE-2013-4782

HistoryOct 03, 2022 - 4:14 p.m.

CVE-2013-4782

2022-10-0316:14:57

CWE-287

[email protected]

web.nvd.nist.gov

supermicro

bmc

authentication bypass

ipmi commands

cipher suite

cve-2013-4782

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

Low

0.07 Low

EPSS

Percentile

94.0%

JSON

The Supermicro BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.

Affected configurations

NVD

Node

supermicrobmc

CPENameOperatorVersion
supermicro:bmcsupermicro bmceq*

CPE	Name	Operator	Version
supermicro:bmc	supermicro bmc	eq	*

References

fish2.com/ipmi/cipherzero.html

osvdb.org/show/osvdb/93038

www.metasploit.com/modules/auxiliary/scanner/ipmi/ipmi_cipher_zero

www.wired.com/threatlevel/2013/07/ipmi/

lists.gnu.org/archive/html/freeipmi-devel/2013-02/msg00013.html

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

Low

0.07 Low

EPSS

Percentile

94.0%

JSON

Related for CVE-2013-4782

prion1 cvelist1 nvd1