Published: 08/07/2013 Updated: 29/08/2017

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 890

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

The HP Integrated Lights-Out (iLO) BMC implementation allows remote malicious users to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.

Vulnerable Product	Search on Vulmon	Subscribe to Product
hp integrated lights-out bmc

Shell script for testing the IPMI cipher type zero authentication bypass vulnerability (CVE-2013-4784)

ipmitest Shell script for testing the IPMI cipher type zero authentication bypass vulnerability (CVE-2013-4784) The IPMI is a standardized computer system interface used by system administrators for out-of-band management of computer systems and monitoring of their operation It is a way to manage a computer that may be powered off or otherwise unresponsive by using a network

CWE-287 http://www.wired.com/threatlevel/2013/07/ipmi/http://fish2.com/ipmi/cipherzero.html http://osvdb.org/show/osvdb/93040 https://lists.gnu.org/archive/html/freeipmi-devel/2013-02/msg00013.html http://www.metasploit.com/modules/auxiliary/scanner/ipmi/ipmi_cipher_zero http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html https://exchange.xforce.ibmcloud.com/vulnerabilities/85569 https://nvd.nist.gov https://github.com/alexoslabs/ipmitest

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-4784

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect