CVE-2013-4782
published 2013-07-08CVE-2013-4782: The Supermicro BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher…
PriorityP276critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
26.02%
97.7th percentile
The Supermicro BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.
Detection & IOCsextracted from sources · hover to see the quote
- →Detect IPMI 2.0 authentication attempts using cipher suite 0 (cipher zero); legitimate IPMI sessions should not use cipher suite 0 as it provides no authentication or encryption. ↗
- →Scan for IPMI 2.0-compatible systems accepting cipher zero to identify vulnerable Supermicro BMC implementations exposed on the network. ↗
- ·The vulnerability is specific to Supermicro BMC implementations of IPMI 2.0; cipher zero is a protocol-level weakness where the cipher suite negotiation accepts suite 0, which disables authentication entirely, allowing any arbitrary password to succeed. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://fish2.com/ipmi/cipherzero.htmlhttp://osvdb.org/show/osvdb/93038http://www.metasploit.com/modules/auxiliary/scanner/ipmi/ipmi_cipher_zerohttp://www.wired.com/threatlevel/2013/07/ipmi/https://lists.gnu.org/archive/html/freeipmi-devel/2013-02/msg00013.htmlhttp://fish2.com/ipmi/cipherzero.htmlhttp://osvdb.org/show/osvdb/93038http://www.metasploit.com/modules/auxiliary/scanner/ipmi/ipmi_cipher_zerohttp://www.wired.com/threatlevel/2013/07/ipmi/https://lists.gnu.org/archive/html/freeipmi-devel/2013-02/msg00013.html
2013-07-08
Published