CVE-2013-4786

EUVD-2013-4632
The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
Affected Products (NVD)
VendorProductVersion
oraclefujitsu_m10_firmware
𝑥
≤ 2290
intelintelligent_platform_management_interface
2.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
freeipmi
lucid
ignored
precise
ignored
quantal
ignored
raring
ignored
saucy
ignored
openipmi
lucid
ignored
precise
ignored
quantal
ignored
raring
ignored
saucy
ignored
Common Weakness Enumeration
References
http://fish2.com/ipmi/remote-pw-cracking.html
http://marc.info/?l=bugtraq&m=139653661621384&w=2
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
https://community.rapid7.com/community/metasploit/blog/2013/07/02/a-penetration-testers-guide-to-ipmi
https://nvidia.custhelp.com/app/answers/detail/a_id/5010
https://security.netapp.com/advisory/ntap-20190919-0005/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04197764
http://fish2.com/ipmi/remote-pw-cracking.html
http://marc.info/?l=bugtraq&m=139653661621384&w=2
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
https://community.rapid7.com/community/metasploit/blog/2013/07/02/a-penetration-testers-guide-to-ipmi
https://nvidia.custhelp.com/app/answers/detail/a_id/5010
https://security.netapp.com/advisory/ntap-20190919-0005/
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04197764