This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.
The remote IPMI service is affected by an authentication bypass.
The IPMI service listening on the remote system has cipher suite zero
enabled, which permits logon as an administrator without requiring a
password. Once logged in, a remote attacker may perform a variety of
actions, including powering off the remote system.
Note that this plugin checks generically for the Cipher Suite Zero
authentication bypass vulnerability using a number of common accounts.
See also :
Disable cipher suite zero or limit access to the IPMI service.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 9.5
Public Exploit Available : true
Nessus Plugin ID: 68931 ()
Bugtraq ID: 6100168499
CVE ID: CVE-2013-4782CVE-2013-4783CVE-2013-4784CVE-2014-2955
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.