SuperMicro IPMI PSBlock File Plaintext Password Disclosure

Critical | Nessus Plugin ID 76213

Synopsis

The remote device is affected by an information disclosure vulnerability.

Description

The remote SuperMicro IPMI device is affected by an information disclosure vulnerability because it exposes all usernames and passwords in plaintext via the PSBlock file. A remote, unauthenticated attacker can exploit this vulnerability to download all usernames and passwords and gain a shell on the device.

Solution

Upgrade to the latest BIOS version.

See Also

http://www.nessus.org/u?8762dc4d

Plugin Details

Severity: Critical

ID: 76213

File Name: supermicro_psblock_password_disclosure.nasl

Version: 1.6

Type: combined

Published: 6/25/2014

Updated: 11/20/2017

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/h:supermicro:bmc

Exploited by Nessus: true

Vulnerability Publication Date: 6/19/2014