SuperMicro IPMI PSBlock File Plaintext Password Disclosure

Critical Nessus Plugin ID 76213

Synopsis

The remote device is affected by an information disclosure vulnerability.

Description

The remote SuperMicro IPMI device is affected by an information disclosure vulnerability because it exposes all usernames and passwords in plaintext via the PSBlock file. A remote, unauthenticated attacker can exploit this vulnerability to download all usernames and passwords and gain a shell on the device.

Solution

Upgrade to the latest BIOS version.

See Also

http://www.nessus.org/u?8762dc4d

Plugin Details

Severity: Critical

ID: 76213

File Name: supermicro_psblock_password_disclosure.nasl

Version: 1.6

Type: combined

Published: 2014/06/25

Modified: 2017/11/20

Dependencies: 35712, 12634

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSSv3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/h:supermicro:bmc

Exploited by Nessus: true

Vulnerability Publication Date: 2014/06/19