Security issue on IPMI v 2.0

  • 5 March 2020

IPMI version 2.0 is susceptible to exploitation that allows an attacker to obtain password hash information.

 

A vulnerability scan of the environment may produce output like the sample below:

Synopsis :

The remote host supports IPMI version 2.0.


Description :

The remote host supports IPMI v2.0. The Intelligent Platform Management Interface (IPMI) protocol is affected by an information disclosure vulnerability due to the support of RMCP+ Authenticated Key Exchange Protocol (RAKP) authentication. A remote attacker can obtain password hash information for valid user accounts via the HMAC from a RAKP message 2 response from a BMC.

 

To find the IPMI version of a host, log in to the host and run the command for checking the BMC version. The output will look similar to this:

Device ID                 : 32
Device Revision           : 1
Firmware Revision         : 3.63
IPMI Version              : 2.0 <<== IPMI version
Manufacturer ID           : xxxxx
Manufacturer Name         : Supermicro

 

For how to retrieve the BMC version, see this post: https://next.nutanix.com/discussion-forum-14/down-to-the-details-bmc-and-bios-version-of-nutanix-node-37157


 

For how to mitigate the issue and apply solutions so that the vulnerability scan passes, see https://portal.nutanix.com/#/page/kbs/details?targetId=kA032000000988iCAA
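
As an added example (not part of the original post or of Nutanix tooling), the Python below parses saved BMC info output in the format shown above and lists which hosts report IPMI 2.0, the condition the scan flags. The host names and the `SAMPLE` data are constructed, and the function names are hypothetical.

```python
def parse_bmc_info(text):
    """Parse 'Key : Value' lines of BMC info output into a dict."""
    info = {}
    for line in text.splitlines():
        # Indented lines continue a list (e.g. device support); skip them.
        if not line.strip() or line[0].isspace() or ":" not in line:
            continue
        key, _, value = line.partition(":")
        # Drop hand-written notes such as '<<== IPMI version'.
        info[key.strip()] = value.split("<<==")[0].strip()
    return info


def classify(info):
    """Return 'ipmi-2.0', 'other' or 'unknown' for one parsed host."""
    version = info.get("IPMI Version")
    if not version:
        return "unknown"  # a missing field is never treated as a pass
    return "ipmi-2.0" if version == "2.0" else "other"


def audit(outputs):
    """Map {host: raw output} to sorted (host, status, firmware) rows."""
    rows = []
    for host, text in outputs.items():
        info = parse_bmc_info(text)
        rows.append((host, classify(info), info.get("Firmware Revision", "?")))
    return sorted(rows)


# Constructed sample data: host names and values are illustrative only.
SAMPLE = {
    "node-a": """\
Device ID                 : 32
Firmware Revision         : 3.63
IPMI Version              : 2.0 <<== IPMI version
Manufacturer Name         : Supermicro
Additional Device Support :
    Sensor Device
""",
    "node-b": "Firmware Revision         : 1.12\nIPMI Version              : 1.5\n",
    "node-c": "Device ID                 : 32\nFirmware Revision         : 3.88\n",
}

if __name__ == "__main__":
    for host, status, firmware in audit(SAMPLE):
        print(f"{host:8} {status:9} firmware={firmware}")
```

Hosts reported as `unknown` had no IPMI Version field in the captured output and should be re-checked rather than assumed clean.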

