Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 154
  • Last Modified:

IPMI Cipher Zero vulnerability on server 2012?

I got a vulnerability report stating that my server 2012 has the ipmi cipher vuln but its pointing to my server address and not the idrac. Any idea if a server can have this vulnerability?
0
Larry Kiterling
Asked:
Larry Kiterling
1 Solution
 
btanExec ConsultantCommented:
should not be the win server since it is not running ipmi, even though it is hosted by the dell idrac
https://nmap.org/nsedoc/scripts/ipmi-cipher-zero.html
You can test using nmap
nmap -sU --script ipmi-cipher-zero -p 623 <host>

PORT      STATE         SERVICE REASON
623/udp open|filtered unknown no-response
| ipmi-cipher-zero:
|   VULNERABLE:
|   IPMI 2.0 RAKP Cipher Zero Authentication Bypass
|     State: VULNERABLE
|     Risk factor: High
|     Description:
or ipmitool
$ ipmitool -I lanplus -H 10.0.0.99 -U Administrator -P FluffyWabbit user list
Error: Unable to establish IPMI v2 / RMCP+ session
Get User Access command failed (channel 14, user 1)

$ ipmitool -I lanplus -C 0 -H 10.0.0.99 -U Administrator -P FluffyWabbit user list

ID  Name        Callin  Link Auth    IPMI Msg  Channel Priv Limit
1  Administrator    true    false      true      ADMINISTRATOR
2  (Empty User)    true    false      false      NO ACCESS
https://community.rapid7.com/community/metasploit/blog/2013/07/02/a-penetration-testers-guide-to-ipmi
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now