CVE-2013-4782
published 2013-07-08


Priority: P2 · 76 · critical · 10 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 26.02% (97.7th percentile)
The Supermicro BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.

Detection & IOCs (extracted from sources)

other: cipher suite 0 (cipher zero) IPMI 2.0 authentication bypass
  • Detect IPMI 2.0 authentication attempts using cipher suite 0 (cipher zero); legitimate IPMI sessions should not use cipher suite 0 as it provides no authentication or encryption.
  • Scan for IPMI 2.0-compatible systems accepting cipher zero to identify vulnerable Supermicro BMC implementations exposed on the network.
  • The vulnerability is specific to Supermicro BMC implementations of IPMI 2.0; cipher zero is a protocol-level weakness where the cipher suite negotiation accepts suite 0, which disables authentication entirely, allowing any arbitrary password to succeed.
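
One way to implement the first detection above on captured UDP/623 datagrams, as an added example that is not part of the CVE record or any vendor tooling: it parses the RMCP+ Open Session Request and flags a request for authentication, integrity and confidentiality algorithms all set to "none", which is cipher suite 0. Field offsets follow the IPMI 2.0 Open Session Request layout; the function names and sample datagrams are constructed for illustration.

```python
import struct

RMCP_IPMI = bytes([0x06, 0x00, 0xFF, 0x07])  # RMCP v1.0, no ACK, message class IPMI
AUTH_TYPE_RMCPP = 0x06                       # IPMI v2.0 (RMCP+) session header
OPEN_SESSION_REQUEST = 0x10                  # RMCP+ payload type

def requested_algorithms(udp_payload: bytes):
    """Return (auth, integrity, confidentiality) algorithm numbers from an
    RMCP+ Open Session Request, or None if the datagram is not one."""
    if len(udp_payload) < 48 or udp_payload[:4] != RMCP_IPMI:
        return None
    if udp_payload[4] != AUTH_TYPE_RMCPP:
        return None
    if udp_payload[5] & 0x3F != OPEN_SESSION_REQUEST:  # low 6 bits = payload type
        return None
    (length,) = struct.unpack_from("<H", udp_payload, 14)
    body = udp_payload[16:16 + length]
    if len(body) < 32:
        return None
    algs = []
    # Three 8-byte algorithm records: type, 2 reserved, length, algorithm, 3 reserved
    for kind, off in ((0x00, 8), (0x01, 16), (0x02, 24)):
        if body[off] != kind or body[off + 3] != 8:
            return None  # layout this sketch does not interpret
        algs.append(body[off + 4] & 0x3F)
    return tuple(algs)

def is_cipher_zero(udp_payload: bytes) -> bool:
    """True when the client asks for no authentication, integrity or encryption."""
    return requested_algorithms(udp_payload) == (0, 0, 0)

def constructed_request(auth: int, integ: int, conf: int) -> bytes:
    """Constructed sample datagram for testing the parser (not captured traffic)."""
    body = bytes([0x00, 0x04, 0, 0]) + struct.pack("<I", 0xA0A1A2A3)
    for kind, alg in ((0, auth), (1, integ), (2, conf)):
        body += bytes([kind, 0, 0, 8, alg, 0, 0, 0])
    header = RMCP_IPMI + bytes([AUTH_TYPE_RMCPP, OPEN_SESSION_REQUEST]) + bytes(8)
    return header + struct.pack("<H", len(body)) + body

if __name__ == "__main__":
    samples = {"suite 0": constructed_request(0, 0, 0),
               "suite 3": constructed_request(1, 1, 1)}
    for name, pkt in samples.items():
        verdict = "ALERT cipher zero" if is_cipher_zero(pkt) else "ok"
        print(name, requested_algorithms(pkt), verdict)
```

Feed it the UDP payload of each packet destined for port 623 from a sensor or pcap reader; an alert on a management network where no session should use cipher suite 0 warrants checking the target BMC's cipher suite configuration.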