/

CVE-2017-9841 Report - Details, Severity, & Advisories

CVE-2017-9841 Report - Details, Severity, & Advisories

Twingate Team

Jul 4, 2024

What is CVE-2013-4786?

CVE-2013-4786 is a high-severity vulnerability in the IPMI 2.0 specification, specifically the RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication. This vulnerability allows remote attackers to obtain password hashes and conduct offline password guessing attacks, compromising the security of affected systems. Systems using IPMI 2.0 with RAKP authentication are at risk. It is crucial for organizations to address this vulnerability to protect their systems and data.

Who is impacted by this?

CVE-2013-4786 affects users of systems with IPMI 2.0 specification supporting RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication. This includes Fujitsu M10-1, M10-4, M10-4S Servers with XCP Firmware prior to XCP2290, Oracle Fujitsu M10 Firmware up to (including) 2290, and Intel Intelligent Platform Management Interface 2.0. Users of BMCs that utilize the IPMI protocol, such as HP iLO, Dell DRAC, Sun ILOM, Fujitsu iRMC, IBM IMM, and Supermicro IPMI, may also be affected. This vulnerability allows remote attackers to obtain password hashes and conduct offline password guessing attacks, compromising system security.

What to do if CVE-2017-9841 affected you

If you're affected by the CVE-2017-9841 vulnerability, it's crucial to take immediate action to secure your system. Follow these simple steps to mitigate the risk:

  1. Remove phpunit and other dev packages, as they are not required for the production environment by running $ composer install --no-dev.

  2. Update phpunit to a non-vulnerable version (4.8.28, 5.6.3, or 6.x) by running $ composer update.

  3. Manually apply the patch by replacing the code of eval-stdin.php with eval('?>' . \\\\file_get_contents('php://stdin'));.

  4. Disable direct access to composer packages by placing a .htaccess file in the /vendor folder with the content: Deny from all.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The PHPUnit Command Injection Vulnerability (CVE-2017-9841) is indeed listed in CISA's Known Exploited Vulnerabilities Catalog. It was added on February 15, 2022, and the due date for taking action is August 15, 2022.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-94, which refers to improper control of code generation, leading to code injection issues.

Learn More

For a comprehensive understanding of its description, severity, technical details, and affected software configurations, refer to the NVD page and the sources listed below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

/

CVE-2017-9841 Report - Details, Severity, & Advisories

CVE-2017-9841 Report - Details, Severity, & Advisories

Twingate Team

Jul 4, 2024

What is CVE-2013-4786?

CVE-2013-4786 is a high-severity vulnerability in the IPMI 2.0 specification, specifically the RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication. This vulnerability allows remote attackers to obtain password hashes and conduct offline password guessing attacks, compromising the security of affected systems. Systems using IPMI 2.0 with RAKP authentication are at risk. It is crucial for organizations to address this vulnerability to protect their systems and data.

Who is impacted by this?

CVE-2013-4786 affects users of systems with IPMI 2.0 specification supporting RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication. This includes Fujitsu M10-1, M10-4, M10-4S Servers with XCP Firmware prior to XCP2290, Oracle Fujitsu M10 Firmware up to (including) 2290, and Intel Intelligent Platform Management Interface 2.0. Users of BMCs that utilize the IPMI protocol, such as HP iLO, Dell DRAC, Sun ILOM, Fujitsu iRMC, IBM IMM, and Supermicro IPMI, may also be affected. This vulnerability allows remote attackers to obtain password hashes and conduct offline password guessing attacks, compromising system security.

What to do if CVE-2017-9841 affected you

If you're affected by the CVE-2017-9841 vulnerability, it's crucial to take immediate action to secure your system. Follow these simple steps to mitigate the risk:

  1. Remove phpunit and other dev packages, as they are not required for the production environment by running $ composer install --no-dev.

  2. Update phpunit to a non-vulnerable version (4.8.28, 5.6.3, or 6.x) by running $ composer update.

  3. Manually apply the patch by replacing the code of eval-stdin.php with eval('?>' . \\\\file_get_contents('php://stdin'));.

  4. Disable direct access to composer packages by placing a .htaccess file in the /vendor folder with the content: Deny from all.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The PHPUnit Command Injection Vulnerability (CVE-2017-9841) is indeed listed in CISA's Known Exploited Vulnerabilities Catalog. It was added on February 15, 2022, and the due date for taking action is August 15, 2022.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-94, which refers to improper control of code generation, leading to code injection issues.

Learn More

For a comprehensive understanding of its description, severity, technical details, and affected software configurations, refer to the NVD page and the sources listed below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

CVE-2017-9841 Report - Details, Severity, & Advisories

Twingate Team

Jul 4, 2024

What is CVE-2013-4786?

CVE-2013-4786 is a high-severity vulnerability in the IPMI 2.0 specification, specifically the RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication. This vulnerability allows remote attackers to obtain password hashes and conduct offline password guessing attacks, compromising the security of affected systems. Systems using IPMI 2.0 with RAKP authentication are at risk. It is crucial for organizations to address this vulnerability to protect their systems and data.

Who is impacted by this?

CVE-2013-4786 affects users of systems with IPMI 2.0 specification supporting RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication. This includes Fujitsu M10-1, M10-4, M10-4S Servers with XCP Firmware prior to XCP2290, Oracle Fujitsu M10 Firmware up to (including) 2290, and Intel Intelligent Platform Management Interface 2.0. Users of BMCs that utilize the IPMI protocol, such as HP iLO, Dell DRAC, Sun ILOM, Fujitsu iRMC, IBM IMM, and Supermicro IPMI, may also be affected. This vulnerability allows remote attackers to obtain password hashes and conduct offline password guessing attacks, compromising system security.

What to do if CVE-2017-9841 affected you

If you're affected by the CVE-2017-9841 vulnerability, it's crucial to take immediate action to secure your system. Follow these simple steps to mitigate the risk:

  1. Remove phpunit and other dev packages, as they are not required for the production environment by running $ composer install --no-dev.

  2. Update phpunit to a non-vulnerable version (4.8.28, 5.6.3, or 6.x) by running $ composer update.

  3. Manually apply the patch by replacing the code of eval-stdin.php with eval('?>' . \\\\file_get_contents('php://stdin'));.

  4. Disable direct access to composer packages by placing a .htaccess file in the /vendor folder with the content: Deny from all.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The PHPUnit Command Injection Vulnerability (CVE-2017-9841) is indeed listed in CISA's Known Exploited Vulnerabilities Catalog. It was added on February 15, 2022, and the due date for taking action is August 15, 2022.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-94, which refers to improper control of code generation, leading to code injection issues.

Learn More

For a comprehensive understanding of its description, severity, technical details, and affected software configurations, refer to the NVD page and the sources listed below.