Lucene search

MitreCVELIST:CVE-2013-4782

HistoryOct 03, 2022 - 4:14 p.m.

CVE-2013-4782

2022-10-0316:14:57

mitre

www.cve.org

supermicro

bmc

vulnerability

cipher suite

bypass

authentication

arbitrary password

ipmi commands

7.9 High

AI Score

Confidence

High

0.07 Low

EPSS

Percentile

94.0%

JSON

The Supermicro BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.

References

fish2.com/ipmi/cipherzero.html

osvdb.org/show/osvdb/93038

www.metasploit.com/modules/auxiliary/scanner/ipmi/ipmi_cipher_zero

www.wired.com/threatlevel/2013/07/ipmi/

lists.gnu.org/archive/html/freeipmi-devel/2013-02/msg00013.html