IPMI Cipher Suite Zero Authentication Bypass

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote IPMI service is affected by an authentication bypass.

Description :

The IPMI service listening on the remote system has cipher suite zero
enabled, which permits logon as an administrator without requiring a
password. Once logged in, a remote attacker may perform a variety of
actions, including powering off the remote system.

Note that this plugin checks generically for the Cipher Suite Zero
authentication bypass vulnerability using a number of common accounts.

See also :

http://fish2.com/ipmi/cipherzero.html

Solution :

Disable cipher suite zero or limit access to the IPMI service.
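
One way to confirm the setting on a host you administer (an added example, not part of the Nessus plugin): the Python below parses the text printed by `ipmitool lan print` and reports whether cipher suite 0 is usable and at what privilege. The sample outputs are constructed, and the code assumes ipmitool's convention that the first character of "Cipher Suite Priv Max" is the privilege for cipher suite 0.

```python
import re

# Constructed sample of `ipmitool lan print 1` output (not from a real host).
SAMPLE_VULNERABLE = """\
Set in Progress         : Set Complete
IP Address              : 192.0.2.10
RMCP+ Cipher Suites     : 0,1,2,3,6,7,8,11,12
Cipher Suite Priv Max   : aaaaXXaaaXXaaXX
                        :     X=Cipher Suite Unused
                        :     a=ADMIN
"""
# Same output after cipher suite 0 has been marked unused.
SAMPLE_HARDENED = SAMPLE_VULNERABLE.replace("aaaaXXaaaXXaaXX", "XaaaXXaaaXXaaXX")

PRIV_NAMES = {"X": "unused", "c": "CALLBACK", "u": "USER",
              "o": "OPERATOR", "a": "ADMIN", "O": "OEM"}


def audit_cipher_zero(lan_print_output):
    """Return {'enabled': True/False/None, 'max_priv': name or None}.

    'enabled' is None when the privilege line is missing or unparsable,
    for example when the BMC reports "Not Available".
    """
    fields = {}
    for line in lan_print_output.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():          # skip legend lines with an empty key
            fields[key.strip()] = value.strip()

    privs = fields.get("Cipher Suite Priv Max", "")
    if not re.fullmatch(r"[XcuoaO]+", privs):
        return {"enabled": None, "max_priv": None}

    # If the BMC lists its cipher suites, suite 0 must be among them.
    suites = fields.get("RMCP+ Cipher Suites")
    offered = suites is None or "0" in [s.strip() for s in suites.split(",")]

    # Assumption: position 0 of the string is cipher suite 0.
    return {"enabled": offered and privs[0] != "X",
            "max_priv": PRIV_NAMES[privs[0]]}


if __name__ == "__main__":
    for name, text in (("vulnerable", SAMPLE_VULNERABLE),
                       ("hardened", SAMPLE_HARDENED)):
        print(name, audit_cipher_zero(text))
```

With ipmitool, `ipmitool lan set 1 cipher_privs XaaaXXaaaXXaaXX` marks cipher suite 0 unused; channel 1 and the remaining privilege letters are assumptions to adapt to the BMC in question.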

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 9.5
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Family: General

Nessus Plugin ID: 68931

Bugtraq ID: 61001
68499

CVE ID: CVE-2013-4782
CVE-2013-4783
CVE-2013-4784
CVE-2014-2955