CVE-2013-4786

Vulnerability from cvelistv5

Published

2013-07-08 22:00

Modified

2024-08-06 16:52

Severity ?

Summary

References

▼	URL	Tags
	cve@mitre.org	http://fish2.com/ipmi/remote-pw-cracking.html
	cve@mitre.org	http://marc.info/?l=bugtraq&m=139653661621384&w=2
	cve@mitre.org	http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
	cve@mitre.org	https://community.rapid7.com/community/metasploit/blog/2013/07/02/a-penetration-testers-guide-to-ipmi
	cve@mitre.org	https://nvidia.custhelp.com/app/answers/detail/a_id/5010
	cve@mitre.org	https://security.netapp.com/advisory/ntap-20190919-0005/
	cve@mitre.org	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04197764

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:52:27.225Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://community.rapid7.com/community/metasploit/blog/2013/07/02/a-penetration-testers-guide-to-ipmi"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://fish2.com/ipmi/remote-pw-cracking.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c04197764"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
          },
          {
            "name": "HPSBHF02981",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=139653661621384\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190919-0005/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5010"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-01-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-28T23:06:15",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://community.rapid7.com/community/metasploit/blog/2013/07/02/a-penetration-testers-guide-to-ipmi"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://fish2.com/ipmi/remote-pw-cracking.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c04197764"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
        },
        {
          "name": "HPSBHF02981",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=139653661621384\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190919-0005/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5010"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-4786",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://community.rapid7.com/community/metasploit/blog/2013/07/02/a-penetration-testers-guide-to-ipmi",
              "refsource": "MISC",
              "url": "https://community.rapid7.com/community/metasploit/blog/2013/07/02/a-penetration-testers-guide-to-ipmi"
            },
            {
              "name": "http://fish2.com/ipmi/remote-pw-cracking.html",
              "refsource": "MISC",
              "url": "http://fish2.com/ipmi/remote-pw-cracking.html"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c04197764",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c04197764"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
            },
            {
              "name": "HPSBHF02981",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=139653661621384\u0026w=2"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190919-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190919-0005/"
            },
            {
              "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5010",
              "refsource": "CONFIRM",
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5010"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-4786",
    "datePublished": "2013-07-08T22:00:00",
    "dateReserved": "2013-07-08T00:00:00",
    "dateUpdated": "2024-08-06T16:52:27.225Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-4786\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2013-07-08T22:55:01.217\",\"lastModified\":\"2020-10-29T00:15:12.113\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC.\"},{\"lang\":\"es\",\"value\":\"La especificaci\u00f3n IPMI 2.0 soporta autenticaci\u00f3n \\\"RMCP+ Authenticated Key-Exchange Protocol (RAKP)\\\", lo que permite a atacantes remotos obtener res\u00famenes de contrase\u00f1as y llevar a cabo ataques fuera de l\u00ednea de adivinaci\u00f3n de contrase\u00f1a consiguiendo el HMAC de un mensaje RAKP 2 respondido desde un BMC.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":7.8},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-255\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:fujitsu_m10_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2290\",\"matchCriteriaId\":\"A3861055-D7FB-4C07-BE61-6879D3638B07\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:intel:intelligent_platform_management_interface:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EC1939A-0635-433A-88AA-B9F7BA58CC5E\"}]}]}],\"references\":[{\"url\":\"http://fish2.com/ipmi/remote-pw-cracking.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=139653661621384\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://community.rapid7.com/community/metasploit/blog/2013/07/02/a-penetration-testers-guide-to-ipmi\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://nvidia.custhelp.com/app/answers/detail/a_id/5010\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20190919-0005/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c04197764\",\"source\":\"cve@mitre.org\"}]}}"
  }
}

gsd-2013-4786

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2013-4786

Aliases

CVE-2013-4786

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-4786",
    "description": "The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC.",
    "id": "GSD-2013-4786"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-4786"
      ],
      "details": "The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC.",
      "id": "GSD-2013-4786",
      "modified": "2023-12-13T01:22:15.947748Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2013-4786",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://community.rapid7.com/community/metasploit/blog/2013/07/02/a-penetration-testers-guide-to-ipmi",
            "refsource": "MISC",
            "url": "https://community.rapid7.com/community/metasploit/blog/2013/07/02/a-penetration-testers-guide-to-ipmi"
          },
          {
            "name": "http://fish2.com/ipmi/remote-pw-cracking.html",
            "refsource": "MISC",
            "url": "http://fish2.com/ipmi/remote-pw-cracking.html"
          },
          {
            "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c04197764",
            "refsource": "CONFIRM",
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c04197764"
          },
          {
            "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
          },
          {
            "name": "HPSBHF02981",
            "refsource": "HP",
            "url": "http://marc.info/?l=bugtraq\u0026m=139653661621384\u0026w=2"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20190919-0005/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20190919-0005/"
          },
          {
            "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5010",
            "refsource": "CONFIRM",
            "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5010"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:oracle:fujitsu_m10_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2290",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:intel:intelligent_platform_management_interface:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-4786"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-255"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://fish2.com/ipmi/remote-pw-cracking.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://fish2.com/ipmi/remote-pw-cracking.html"
            },
            {
              "name": "https://community.rapid7.com/community/metasploit/blog/2013/07/02/a-penetration-testers-guide-to-ipmi",
              "refsource": "MISC",
              "tags": [],
              "url": "https://community.rapid7.com/community/metasploit/blog/2013/07/02/a-penetration-testers-guide-to-ipmi"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
            },
            {
              "name": "HPSBHF02981",
              "refsource": "HP",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=139653661621384\u0026w=2"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c04197764",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c04197764"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190919-0005/",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://security.netapp.com/advisory/ntap-20190919-0005/"
            },
            {
              "name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5010",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5010"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-10-29T00:15Z",
      "publishedDate": "2013-07-08T22:55Z"
    }
  }
}

The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC. Intelligent Platform Management Interface is prone to an information-disclosure vulnerability. Intelligent Platform Management Interface 2.0 is vulnerable; other versions may also be affected. , which provides the ability to monitor, control, and automatically report on the health of a large number of servers. There is a vulnerability in the RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication supported by the IPMI version 2.0 specification. HP Integrated Lights-Out 2, 3, and 4 (iLO2, iLO3, iLO4)

BACKGROUND

CVSS 2.0 Base Metrics

Reference Base Vector Base Score CVE-2013-4786 (AV:N/AC:M/Au:S/C:C/I:C/A:C) 8.5 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

RESOLUTION

There is no resolution to this issue. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04197764

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04197764 Version: 2

HPSBHF02981 rev.2 - HPE Integrated Lights-Out 2, 3, 4 (iLO2, iLO3, iLO4) and HPE Superdome Flex RMC - IPMI 2.0 RCMP+ Authentication Remote Password Hash Vulnerability (RAKP)

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.

Release Date: 2018-02-08 Last Updated: 2018-02-07

Potential Security Impact: Remote: Disclosure of Information

Source: Hewlett Packard Enterprise, Product Security Response Team

VULNERABILITY SUMMARY A potential security vulnerability has been identified in HPE Integrated Lights-Out 2, 3, 4 (iLO2, iLO3, iLO4) and HPE Superdome Flex RMC. The vulnerability could be exploited to allow an attacker to gain unauthorized privileges and unauthorized access to privileged information.

Note:
- This vulnerability also impacts the RMC of the "Superdome Flex" Server.

References:

CVE-2013-4786

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

HPE Superdome Flex Server 1.0
HPE Integrated Lights-Out 4 (iLO 4) Firmware for ProLiant Gen8 Servers - All, when IPMI is enabled
HPE Integrated Lights-Out 3 (iLO 3) Firmware for ProLiant G7 Servers - All, when IPMI is enabled
HPE Integrated Lights-Out 2 (iLO 2) Firmware for ProLiant G6 Servers - All, when IPMI is enabled

BACKGROUND

CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector

CVE-2013-4786
  8.3 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
  8.5 (AV:N/AC:M/Au:S/C:C/I:C/A:C)

Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:

https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499

RESOLUTION

There is no resolution to this issue. The authentication process for the IPMI 2.0 specification mandates that the server send a salted SHA1 or MD5 hash of the requested user's password to the client, prior to the client authenticating. The BMC returns the password hash for any valid user account requested. This password hash can be broken using an offline brute force or dictionary attack. Because this functionality is a key part of the IPMI 2.0 specification, there is no way to fix the problem without deviating from the IPMI 2.0 specification. HP recommends the following actions to mitigate the risk this introduces:

If you do not need to use IPMI, disable it. You can disable IPMI on iLO2/3/4 using the Disable IPMI over LAN command.
Maintain the latest iLO firmware that contains the most recent security patches.
Employ best practices in the management of the protocols and passwords on your systems and networks. Use strong passwords wherever possible.
If you must use IPMI, use a separate management LAN or VLAN, Access Control Lists (ACLs), or VPN to limit and restrict access to your iLO management interfaces.

For Superdome Flex's RMC:

Refer to the below link for the details:

https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00026813en_us

HISTORY

Version:1 (rev.1) - 1 April 2014 Initial release

Version:2 (rev.2) - 7 February 2018 Include RMC of HPE Superdome Flex as an affected product

Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.

Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.

Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com

Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice

Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive

Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.

3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX

Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1

iQEcBAEBCAAGBQJae19eAAoJELXhAxt7SZaiCHcIAIcbsq0qjJxbuj5bBTnPOQnN yVq6HDHoQf401UTZQj0rcL3TFkn7VlpsNza9D2q5wK6Zsq2cuMYAC482yzWRu5bR HJjXdNmtU0orrz4TnnWRffIUHt1zxFNhjNp9YbnTeoZ9kakW81G+ut7U7vDiK4z+ zubjasa3B33vdOJCBRoUdr6a6xhU4F530JYoBCI0frMjiMwjM+e3KUls0R/rrpIS FYIPbgCDki8+KAMBzIqKz47udyV0DX3Wl3URjaK5YMLqPpu/01GvrCa4QU87r6QS XI/foHXZ4Hb4ThCJP4WvZhHI0t3C3Xtyt4uJEKFzvftyp8sxmxxmElbO8NhLq8w= =NNZA -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201307-0421",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "intelligent platform management interface",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "intel",
        "version": "2.0"
      },
      {
        "model": "fujitsu m10",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "oracle",
        "version": "2290"
      },
      {
        "model": "xcp",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "2290   (fujitsu m10-1/m10-4/m10-4s server )"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003252"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4786"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-123"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:oracle:fujitsu_m10_firmware:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2290",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:intel:intelligent_platform_management_interface:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-4786"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dan Farmer",
    "sources": [
      {
        "db": "BID",
        "id": "61076"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-4786",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.8,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2013-4786",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-64788",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2013-4786",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-4786",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201307-123",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-64788",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2013-4786",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-64788"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-4786"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003252"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4786"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-123"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC. Intelligent Platform Management Interface is prone to an information-disclosure vulnerability. \nIntelligent Platform Management Interface 2.0 is vulnerable; other versions may also be affected. , which provides the ability to monitor, control, and automatically report on the health of a large number of servers. There is a vulnerability in the RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication supported by the IPMI version 2.0 specification. \nHP Integrated Lights-Out 2, 3, and 4 (iLO2, iLO3, iLO4)\n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n  Reference              Base Vector             Base Score\nCVE-2013-4786    (AV:N/AC:M/Au:S/C:C/I:C/A:C)       8.5\n===========================================================\n             Information on CVSS is documented\n            in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nThere is no resolution to this issue. \nHewlett-Packard Company shall not be liable for technical or editorial errors\nor omissions contained herein. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04197764\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: c04197764\nVersion: 2\n\nHPSBHF02981 rev.2 - HPE Integrated Lights-Out 2, 3, 4 (iLO2, iLO3, iLO4) and\nHPE Superdome Flex RMC -  IPMI 2.0 RCMP+ Authentication Remote Password Hash\nVulnerability (RAKP)\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2018-02-08\nLast Updated: 2018-02-07\n\nPotential Security Impact: Remote: Disclosure of Information\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified in HPE Integrated\nLights-Out 2, 3, 4 (iLO2, iLO3, iLO4) and HPE Superdome Flex RMC. The\nvulnerability could be exploited to allow an attacker to gain unauthorized\nprivileges and unauthorized access to privileged information. \n\n**Note:**  \n  - This vulnerability also impacts the RMC of the \"Superdome Flex\" Server. \n\nReferences:\n\n  - CVE-2013-4786\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \n\n  - HPE Superdome Flex Server 1.0\n  - HPE Integrated Lights-Out 4 (iLO 4) Firmware for ProLiant Gen8 Servers -\nAll, when IPMI is enabled\n  - HPE Integrated Lights-Out 3 (iLO 3) Firmware for ProLiant G7 Servers -\nAll, when IPMI is enabled\n  - HPE Integrated Lights-Out 2 (iLO 2) Firmware for ProLiant G6 Servers -\nAll, when IPMI is enabled\n\nBACKGROUND\n\n  CVSS Base Metrics\n  =================\n  Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n    CVE-2013-4786\n      8.3 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\n      8.5 (AV:N/AC:M/Au:S/C:C/I:C/A:C)\n\n    Information on CVSS is documented in\n    HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nThere is no resolution to this issue. The authentication process for the IPMI\n2.0 specification mandates that the server send a salted SHA1 or MD5 hash of\nthe requested user\u0027s password to the client, prior to the client\nauthenticating. The BMC returns the password hash for any valid user account\nrequested. This password hash can be broken using an offline brute force or\ndictionary attack. Because this functionality is a key part of the IPMI 2.0\nspecification, there is no way to fix the problem without deviating from the\nIPMI 2.0 specification. HP recommends the following actions to mitigate the\nrisk this introduces:\n\n1.  If you do not need to use IPMI, disable it. You can disable IPMI on\niLO2/3/4 using the Disable IPMI over LAN command. \n2.  Maintain the latest iLO firmware that contains the most recent security\npatches. \n3.  Employ best practices in the management of the protocols and passwords on\nyour systems and networks. Use strong passwords wherever possible. \n4.  If you must use IPMI, use a separate management LAN or VLAN, Access\nControl Lists (ACLs), or VPN to limit and restrict access to your iLO\nmanagement interfaces. \n\n\nFor Superdome Flex\u0027s RMC: \n\n * Refer to the below link for the details:  \n \n\u003chttps://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00026813en_us\u003e\n\nHISTORY\n\nVersion:1 (rev.1) - 1 April 2014 Initial release\n\nVersion:2 (rev.2) - 7 February 2018 Include RMC of HPE Superdome Flex as an\naffected product\n\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n  Web form: https://www.hpe.com/info/report-security-vulnerability\n  Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQEcBAEBCAAGBQJae19eAAoJELXhAxt7SZaiCHcIAIcbsq0qjJxbuj5bBTnPOQnN\nyVq6HDHoQf401UTZQj0rcL3TFkn7VlpsNza9D2q5wK6Zsq2cuMYAC482yzWRu5bR\nHJjXdNmtU0orrz4TnnWRffIUHt1zxFNhjNp9YbnTeoZ9kakW81G+ut7U7vDiK4z+\nzubjasa3B33vdOJCBRoUdr6a6xhU4F530JYoBCI0frMjiMwjM+e3KUls0R/rrpIS\nFYIPbgCDki8+KAMBzIqKz47udyV0DX3Wl3URjaK5YMLqPpu/01GvrCa4QU87r6QS\nXI/foHXZ4Hb4ThCJP4WvZhHI0t3C3Xtyt4uJEKFzvftyp8sxmxxmElbO8NhLq8w=\n=NNZA\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-4786"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003252"
      },
      {
        "db": "BID",
        "id": "61076"
      },
      {
        "db": "VULHUB",
        "id": "VHN-64788"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-4786"
      },
      {
        "db": "PACKETSTORM",
        "id": "126011"
      },
      {
        "db": "PACKETSTORM",
        "id": "146306"
      }
    ],
    "trust": 2.25
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-64788",
        "trust": 0.1,
        "type": "unknown"
      },
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=38633",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-64788"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-4786"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-4786",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003252",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-123",
        "trust": 0.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-000002",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "61076",
        "trust": 0.4
      },
      {
        "db": "PACKETSTORM",
        "id": "126011",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "146306",
        "trust": 0.2
      },
      {
        "db": "EXPLOIT-DB",
        "id": "38633",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-64788",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-4786",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-64788"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-4786"
      },
      {
        "db": "BID",
        "id": "61076"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003252"
      },
      {
        "db": "PACKETSTORM",
        "id": "126011"
      },
      {
        "db": "PACKETSTORM",
        "id": "146306"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4786"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-123"
      }
    ]
  },
  "id": "VAR-201307-0421",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-64788"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:30:55.881000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Intelligent Platform Management Interface",
        "trust": 0.8,
        "url": "http://www.intel.com/content/www/us/en/servers/ipmi/ipmi-home.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - April 2016 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016verbose-2881709.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
      },
      {
        "title": "Oracle Critical Patch Update CVSS V2 Risk Matrices - April 2016",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html"
      },
      {
        "title": "April 2016 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/april_2016_critical_patch_update"
      },
      {
        "title": "Red Hat: CVE-2013-4786",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2013-4786"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2016",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=122319027ae43d6d626710f1b1bb1d43"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/fin3ss3g0d/cosmicrakp "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2013-4786"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003252"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-255",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-64788"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003252"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4786"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://fish2.com/ipmi/remote-pw-cracking.html"
      },
      {
        "trust": 2.1,
        "url": "https://community.rapid7.com/community/metasploit/blog/2013/07/02/a-penetration-testers-guide-to-ipmi"
      },
      {
        "trust": 1.8,
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
      },
      {
        "trust": 1.8,
        "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5010"
      },
      {
        "trust": 1.8,
        "url": "https://security.netapp.com/advisory/ntap-20190919-0005/"
      },
      {
        "trust": 1.7,
        "url": "http://marc.info/?l=bugtraq\u0026m=139653661621384\u0026w=2"
      },
      {
        "trust": 1.7,
        "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-c04197764"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4786"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4786"
      },
      {
        "trust": 0.6,
        "url": "https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-000002.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.intel.com/content/www/us/en/servers/ipmi/ipmi-home.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html"
      },
      {
        "trust": 0.3,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c04197764"
      },
      {
        "trust": 0.3,
        "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4786"
      },
      {
        "trust": 0.1,
        "url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-c04197764"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=139653661621384\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/255.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/fin3ss3g0d/cosmicrakp"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.exploit-db.com/exploits/38633/"
      },
      {
        "trust": 0.1,
        "url": "https://www.rapid7.com/db/modules/auxiliary/scanner/ipmi/ipmi_dumphashes"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=44733"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/"
      },
      {
        "trust": 0.1,
        "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/security_bulletin_archive"
      },
      {
        "trust": 0.1,
        "url": "https://www.hpe.com/info/report-security-vulnerability"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
      },
      {
        "trust": 0.1,
        "url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c04197764"
      },
      {
        "trust": 0.1,
        "url": "http://www.hpe.com/support/subscriber_choice"
      },
      {
        "trust": 0.1,
        "url": "https://support.hpe.com/hpsc/doc/public/display?docid=emr_na-a00026813en_us\u003e"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-64788"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-4786"
      },
      {
        "db": "BID",
        "id": "61076"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003252"
      },
      {
        "db": "PACKETSTORM",
        "id": "126011"
      },
      {
        "db": "PACKETSTORM",
        "id": "146306"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4786"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-123"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-64788"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-4786"
      },
      {
        "db": "BID",
        "id": "61076"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003252"
      },
      {
        "db": "PACKETSTORM",
        "id": "126011"
      },
      {
        "db": "PACKETSTORM",
        "id": "146306"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4786"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-123"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-07-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-64788"
      },
      {
        "date": "2013-07-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2013-4786"
      },
      {
        "date": "2013-07-02T00:00:00",
        "db": "BID",
        "id": "61076"
      },
      {
        "date": "2013-07-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-003252"
      },
      {
        "date": "2014-04-03T22:22:00",
        "db": "PACKETSTORM",
        "id": "126011"
      },
      {
        "date": "2018-02-08T23:44:00",
        "db": "PACKETSTORM",
        "id": "146306"
      },
      {
        "date": "2013-07-08T22:55:01.217000",
        "db": "NVD",
        "id": "CVE-2013-4786"
      },
      {
        "date": "2013-07-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201307-123"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-10-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-64788"
      },
      {
        "date": "2020-10-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2013-4786"
      },
      {
        "date": "2016-07-06T14:29:00",
        "db": "BID",
        "id": "61076"
      },
      {
        "date": "2016-05-31T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-003252"
      },
      {
        "date": "2020-10-29T00:15:12.113000",
        "db": "NVD",
        "id": "CVE-2013-4786"
      },
      {
        "date": "2022-03-21T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201307-123"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-123"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "IPMI Vulnerability to get password hash in specification",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003252"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-123"
      }
    ],
    "trust": 0.6
  }
}

ghsa-5qfx-g363-pvpg

Vulnerability from github

Published

2022-05-13 01:14

Modified

2022-05-13 01:14

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-4786"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-07-08T22:55:00Z",
    "severity": "HIGH"
  },
  "details": "The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC.",
  "id": "GHSA-5qfx-g363-pvpg",
  "modified": "2022-05-13T01:14:01Z",
  "published": "2022-05-13T01:14:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4786"
    },
    {
      "type": "WEB",
      "url": "https://community.rapid7.com/community/metasploit/blog/2013/07/02/a-penetration-testers-guide-to-ipmi"
    },
    {
      "type": "WEB",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5010"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20190919-0005"
    },
    {
      "type": "WEB",
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-c04197764"
    },
    {
      "type": "WEB",
      "url": "http://fish2.com/ipmi/remote-pw-cracking.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=139653661621384\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2013-4786

Vulnerability from cvelistv5

gsd-2013-4786

Vulnerability from gsd

var-201307-0421

Vulnerability from variot

CVSS 2.0 Base Metrics

ghsa-5qfx-g363-pvpg

Vulnerability from github

Tags

Sightings

Nomenclature