CIM software risks

Albeit not from an infrastructure role myself, most server hardware seems to come with some sort of management (CIM) application, from a risk angle (my role), can anyone give a beginners guides of risks posed if an unauthorised user got say admin access to the CIM for a given server, i.e. what does/would it let you do if you had malicious intentions?
LVL 3
pma111Asked:
Who is Participating?
 
eeRootConnect With a Mentor Commented:
Most admin tools have SNMP access.  And perhaps WMI, telnet, or SSH access as well.  These protocols can allow for everything from reading current system info to making admin/root level changes.  Admin and monitoring tools can be configured for read only access, but a competent hacker can grant themselves an admin role and then have full control, even if the approved admins only have limited access.  Admin and monitoring tools should always be fully patched, access to these tools should be limited, both successful and unsuccessful logins should be logged and reviewed, and changed made by these tools should be logged and reviewed.
0
 
David Johnson, CD, MVPConnect With a Mentor OwnerCommented:
CIM is the industry standard of WMI access, they can do a lot of mischief if they have malicious intentions.
0
 
pma111Author Commented:
>they can do a lot of mischief if they have malicious intentions.

could you provide some examples to assist in our risk assessment?
0
 
eeRootCommented:
Anything from reading data to modifying, copying, or deleting data.  Setting up admin access for themselves, installing backdoor access, etc
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.