QwikSec

Security Database

CVE

CWE

Training

CVE-2013-4783

Published: Jul 8, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

The Dell iDRAC6 with firmware 1.x before 1.92 and 2.x and 3.x before 3.42, and iDRAC7 with firmware before 1.23.23, allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. NOTE: the vendor disputes the significance of this issue, stating "DRAC's are intended to be on a separate management network; they are not designed nor intended to be placed on or connected to the Internet."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://en.community.dell.com/techcenter/systems-management/w/wiki/4929.how-to-check-if-ipmi-cipher-0-is-off.aspx

x_refsource_MISC

http://www.wired.com/threatlevel/2013/07/ipmi/

x_refsource_MISC

http://www.metasploit.com/modules/auxiliary/scanner/ipmi/ipmi_cipher_zero

x_refsource_MISC

vdb-entry

x_refsource_OSVDB

http://fish2.com/ipmi/cipherzero.html

x_refsource_MISC

[Freeipmi-devel] 20130222 The Infamous Cipher Zero, I presume?

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.