Lucene search

MitreCVE-2013-4784

HistoryJul 08, 2013 - 10:55 p.m.

CVE-2013-4784

2013-07-0822:55:01

CWE-287

mitre

web.nvd.nist.gov

ilo

bmc

authentication bypass

remote attack

ipmi

cipher suite 0

cipher zero

arbitrary password

nvd

cve-2013-4784

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

8.1

Confidence

Low

EPSS

0.022

Percentile

89.5%

JSON

The HP Integrated Lights-Out (iLO) BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.

Affected configurations

Nvd

Node

hpintegrated_lights-out_bmc

VendorProductVersionCPE
hpintegrated_lights-out_bmc*cpe:2.3:h:hp:integrated_lights-out_bmc:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
hp	integrated_lights-out_bmc	*	cpe:2.3:h:hp:integrated_lights-out_bmc::::::::

References

fish2.com/ipmi/cipherzero.html

osvdb.org/show/osvdb/93040

www.metasploit.com/modules/auxiliary/scanner/ipmi/ipmi_cipher_zero

www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

www.wired.com/threatlevel/2013/07/ipmi/

exchange.xforce.ibmcloud.com/vulnerabilities/85569

lists.gnu.org/archive/html/freeipmi-devel/2013-02/msg00013.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

8.1

Confidence

Low

EPSS

0.022

Percentile

89.5%

JSON

Related for CVE-2013-4784