nessus | This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof. | TENABLE_OT_DELL_CVE-2013-4783.NASL
History: Jan 17, 2024 - 12:00 a.m.

Dell iDRAC6 Improper Authentication (CVE-2013-4783)

2024-01-17 00:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
6
dell idrac6
authentication bypass
firmware vulnerability
remote attack
ipmi commands
cipher suite
tenable.ot

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

Low

0.023 Low

EPSS

Percentile

89.7%

The Dell iDRAC6 with firmware 1.x before 1.92 and 2.x and 3.x before 3.42, and iDRAC7 with firmware before 1.23.23, allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. NOTE: the vendor disputes the significance of this issue, stating DRAC’s are intended to be on a separate management network; they are not designed nor intended to be placed on or connected to the Internet.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

# Plugin registration branch: when `description` is true, the script only
# declares its metadata (IDs, references, scoring, dependencies) and then
# calls exit(0), so the detection code after this block does not run.
if (description)
{
  script_id(501892);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/18");

  script_cve_id("CVE-2013-4783");
  script_xref(name:"OSVDB", value:"93039");

  script_name(english:"Dell iDRAC6 Improper Authentication (CVE-2013-4783)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  # NOTE(review): the text below also names iDRAC7 (firmware before 1.23.23),
  # but the only CPE registered further down is cpe:/h:dell:idrac6_bmc.
  # Confirm whether iDRAC7 assets are covered by a separate plugin.
  script_set_attribute(attribute:"description", value:
"The Dell iDRAC6 with firmware 1.x before 1.92 and 2.x and 3.x before
3.42, and iDRAC7 with firmware before 1.23.23, allows remote attackers
to bypass authentication and execute arbitrary IPMI commands by using
cipher suite 0 (aka cipher zero) and an arbitrary password. NOTE: the
vendor disputes the significance of this issue, stating DRAC's are
intended to be on a separate management network; they are not designed
nor intended to be placed on or connected to the Internet.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # References. The nessus.org/u? values are short links; the comment above
  # each one records the target it stands for.
  # ftp://ftp.dell.com/Manuals/Common/integrated-dell-remote-access-cntrllr-6-for-monolithic-srvr-v1.95_FAQ2_en-us.pdf
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bbbee7cf");
  # http://en.community.dell.com/techcenter/systems-management/w/wiki/4929.how-to-check-if-ipmi-cipher-0-is-off.aspx
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?706abaa4");
  script_set_attribute(attribute:"see_also", value:"http://fish2.com/ipmi/cipherzero.html");
  # NOTE(review): OSVDB was shut down in 2016, so this link presumably no
  # longer resolves - verify, and keep the OSVDB id only as a cross-reference.
  script_set_attribute(attribute:"see_also", value:"http://osvdb.org/show/osvdb/93039");
  # http://www.metasploit.com/modules/auxiliary/scanner/ipmi/ipmi_cipher_zero
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?63022bc4");
  script_set_attribute(attribute:"see_also", value:"http://www.wired.com/threatlevel/2013/07/ipmi/");
  # https://lists.gnu.org/archive/html/freeipmi-devel/2013-02/msg00013.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c9f54a37");
  # NOTE(review): the solution text is generic. The description above names the
  # fixed firmware lines (iDRAC6 1.92 / 3.42, iDRAC7 1.23.23) and the vendor's
  # position that DRACs belong on a separate management network; the Dell
  # article referenced above is about checking that IPMI cipher 0 is off.
  # Consider stating those remediation points here so the finding is actionable.
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  # CVSS v2 base vector: network reachable, low complexity, no authentication,
  # complete confidentiality / integrity / availability impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-4783");

  # NOTE(review): these two attributes and the E:U temporal metric above say no
  # exploit is known, yet the reference list in this block points at a public
  # Metasploit auxiliary scanner module for cipher zero. Triage that filters on
  # exploit availability would rank this finding lower - confirm the values.
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  # CWE-287: Improper Authentication.
  script_cwe_id(287);

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/07/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/07/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/01/17");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/h:dell:idrac6_bmc");
  script_end_attributes();

  # Declared as an information-gathering plugin in the Tenable.ot family.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Depends on the Tenable.ot API integration plugin and on the
  # "Tenable.ot/Dell" knowledge-base key (presumably set by that integration
  # when a Dell asset is known - confirm).
  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Dell");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

# Detection body: no packets are sent to the device from this script. It reads
# asset data supplied through the Tenable.ot integration and compares it with
# the CPE table below.

# Stop here unless the "Tenable.ot/Dell" knowledge-base key is present.
get_kb_item_or_exit('Tenable.ot/Dell');

# Dell asset record from the Tenable.ot helper library; its shape is defined in
# tenable_ot_cve_funcs.inc and is not visible here.
var asset = tenable_ot::assets::get(vendor:'Dell');

# Match criteria: one CPE keyed to the "iDRAC6" product family.
# NOTE(review): no firmware version bounds appear in this table, although the
# advisory limits the issue to firmware 1.x before 1.92 and 2.x/3.x before 3.42.
# Presumably every iDRAC6 asset is reported regardless of firmware - confirm how
# compare_and_report treats an entry without version constraints, and expect to
# verify firmware level and the IPMI cipher suite 0 setting on each flagged unit.
# iDRAC7, named in the plugin description, has no entry here.
var vuln_cpes = {
    "cpe:/h:dell:idrac6_bmc" :
        {"family" : "iDRAC6"}
};

# Report at SECURITY_HOLE severity when the asset matches the table.
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);
Vendor | Product | Version | CPE
dell | idrac6_bmc | - | cpe:/h:dell:idrac6_bmc
