/

cve-2013-4786 Report - Details, Severity, & Advisories

cve-2013-4786 Report - Details, Severity, & Advisories

Twingate Team

Jul 4, 2024

What is CVE-2013-4786?

CVE-2013-4786 is a high-severity vulnerability in the IPMI 2.0 specification, specifically the RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication. This vulnerability allows remote attackers to obtain password hashes and conduct offline password guessing attacks, potentially compromising the security of affected systems. Systems using IPMI 2.0 with RAKP authentication, such as certain server models and firmware, are at risk. It is crucial for organizations to address this vulnerability to protect their systems and data.

Who is impacted by this?

The CVE-2013-4786 vulnerability affects users of systems with IPMI 2.0 specification supporting RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication. This includes Fujitsu M10-1, M10-4, M10-4S Servers with XCP Firmware prior to XCP2290, Oracle Fujitsu M10 Firmware up to (including) 2290, and Intel Intelligent Platform Management Interface 2.0. Users of BMCs that utilize the IPMI protocol, such as HP iLO, Dell DRAC, Sun ILOM, Fujitsu iRMC, IBM IMM, and Supermicro IPMI, may also be affected. The vulnerability allows remote attackers to obtain password hashes and conduct offline password guessing attacks, potentially compromising the security of affected systems.

What to do if cve-2013-4786 affected you

If you're affected by the CVE-2013-4786 vulnerability, it's important to take action to protect your systems. Here are some steps to follow:

  1. Isolate all BMCs into a separate network.

  2. Ensure BMCs are not using default passwords and update them regularly.

  3. Keep the firmware of BMCs up-to-date to avoid known vulnerabilities.

  4. Monitor and audit BMC access to detect unauthorized access attempts.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2013-4786 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. It is an issue with the IPMI 2.0 specification, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks. To protect your systems, it is important to isolate BMCs, update passwords, keep firmware up-to-date, and monitor access attempts.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-255, which involves credentials management errors in the IPMI 2.0 specification.

Learn More

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page and the resources listed below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

/

cve-2013-4786 Report - Details, Severity, & Advisories

cve-2013-4786 Report - Details, Severity, & Advisories

Twingate Team

Jul 4, 2024

What is CVE-2013-4786?

CVE-2013-4786 is a high-severity vulnerability in the IPMI 2.0 specification, specifically the RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication. This vulnerability allows remote attackers to obtain password hashes and conduct offline password guessing attacks, potentially compromising the security of affected systems. Systems using IPMI 2.0 with RAKP authentication, such as certain server models and firmware, are at risk. It is crucial for organizations to address this vulnerability to protect their systems and data.

Who is impacted by this?

The CVE-2013-4786 vulnerability affects users of systems with IPMI 2.0 specification supporting RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication. This includes Fujitsu M10-1, M10-4, M10-4S Servers with XCP Firmware prior to XCP2290, Oracle Fujitsu M10 Firmware up to (including) 2290, and Intel Intelligent Platform Management Interface 2.0. Users of BMCs that utilize the IPMI protocol, such as HP iLO, Dell DRAC, Sun ILOM, Fujitsu iRMC, IBM IMM, and Supermicro IPMI, may also be affected. The vulnerability allows remote attackers to obtain password hashes and conduct offline password guessing attacks, potentially compromising the security of affected systems.

What to do if cve-2013-4786 affected you

If you're affected by the CVE-2013-4786 vulnerability, it's important to take action to protect your systems. Here are some steps to follow:

  1. Isolate all BMCs into a separate network.

  2. Ensure BMCs are not using default passwords and update them regularly.

  3. Keep the firmware of BMCs up-to-date to avoid known vulnerabilities.

  4. Monitor and audit BMC access to detect unauthorized access attempts.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2013-4786 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. It is an issue with the IPMI 2.0 specification, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks. To protect your systems, it is important to isolate BMCs, update passwords, keep firmware up-to-date, and monitor access attempts.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-255, which involves credentials management errors in the IPMI 2.0 specification.

Learn More

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page and the resources listed below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

cve-2013-4786 Report - Details, Severity, & Advisories

Twingate Team

Jul 4, 2024

What is CVE-2013-4786?

CVE-2013-4786 is a high-severity vulnerability in the IPMI 2.0 specification, specifically the RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication. This vulnerability allows remote attackers to obtain password hashes and conduct offline password guessing attacks, potentially compromising the security of affected systems. Systems using IPMI 2.0 with RAKP authentication, such as certain server models and firmware, are at risk. It is crucial for organizations to address this vulnerability to protect their systems and data.

Who is impacted by this?

The CVE-2013-4786 vulnerability affects users of systems with IPMI 2.0 specification supporting RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication. This includes Fujitsu M10-1, M10-4, M10-4S Servers with XCP Firmware prior to XCP2290, Oracle Fujitsu M10 Firmware up to (including) 2290, and Intel Intelligent Platform Management Interface 2.0. Users of BMCs that utilize the IPMI protocol, such as HP iLO, Dell DRAC, Sun ILOM, Fujitsu iRMC, IBM IMM, and Supermicro IPMI, may also be affected. The vulnerability allows remote attackers to obtain password hashes and conduct offline password guessing attacks, potentially compromising the security of affected systems.

What to do if cve-2013-4786 affected you

If you're affected by the CVE-2013-4786 vulnerability, it's important to take action to protect your systems. Here are some steps to follow:

  1. Isolate all BMCs into a separate network.

  2. Ensure BMCs are not using default passwords and update them regularly.

  3. Keep the firmware of BMCs up-to-date to avoid known vulnerabilities.

  4. Monitor and audit BMC access to detect unauthorized access attempts.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2013-4786 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. It is an issue with the IPMI 2.0 specification, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks. To protect your systems, it is important to isolate BMCs, update passwords, keep firmware up-to-date, and monitor access attempts.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-255, which involves credentials management errors in the IPMI 2.0 specification.

Learn More

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page and the resources listed below.