Authentication flaw

2013-07-0822:55:00

PRIOn knowledge base

www.prio-n.com

8.4 High

AI Score

Confidence

Low

0.07 Low

EPSS

Percentile

94.0%

JSON

The Supermicro BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.

References

fish2.com/ipmi/cipherzero.html

osvdb.org/show/osvdb/93038

www.metasploit.com/modules/auxiliary/scanner/ipmi/ipmi_cipher_zero

www.wired.com/threatlevel/2013/07/ipmi/

lists.gnu.org/archive/html/freeipmi-devel/2013-02/msg00013.html