Vulnerability Data

by Reconmap

CVE-2013-4786

The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC.

Published at
2013-07-08T22:55Z
3968 days ago
Modified
2020-10-29T00:15Z
1299 days ago
CWE-255
Problem type

Impact

CVSS v3 vector string
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Severity Score Vector

7.5CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References


URLType
fish2.com
http://fish2.com/ipmi/remote-pw-cracking.html		MISC
community.rapid7.com
https://community.rapid7.com/community/metasploit/blog/2013/07/02/a-penetration-testers-guide-to-ipmi		MISC
www.oracle.com
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html		CONFIRM
HPSBHF02981
http://marc.info/?l=bugtraq&m=139653661621384&w=2		HP
support.hpe.com
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04197764		CONFIRM
security.netapp.com
https://security.netapp.com/advisory/ntap-20190919-0005/		CONFIRM
nvidia.custhelp.com
https://nvidia.custhelp.com/app/answers/detail/a_id/5010		CONFIRM

GET https://vulnerabilitydata.com/api/details/CVE-2013-4786

{
	"id": "CVE-2013-4786",
	"published_date": "2013-07-08T22:55Z",
	"last_modified_date": "2020-10-29T00:15Z",
	"assigner": "cve@mitre.org",
	"description": "The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC.",
	"references": [
		{
			"url": "http://fish2.com/ipmi/remote-pw-cracking.html",
			"name": "http://fish2.com/ipmi/remote-pw-cracking.html",
			"refsource": "MISC",
			"tags": []
		},
		{
			"url": "https://community.rapid7.com/community/metasploit/blog/2013/07/02/a-penetration-testers-guide-to-ipmi",
			"name": "https://community.rapid7.com/community/metasploit/blog/2013/07/02/a-penetration-testers-guide-to-ipmi",
			"refsource": "MISC",
			"tags": []
		},
		{
			"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
			"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html",
			"refsource": "CONFIRM",
			"tags": []
		},
		{
			"url": "http://marc.info/?l=bugtraq&m=139653661621384&w=2",
			"name": "HPSBHF02981",
			"refsource": "HP",
			"tags": []
		},
		{
			"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04197764",
			"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04197764",
			"refsource": "CONFIRM",
			"tags": []
		},
		{
			"url": "https://security.netapp.com/advisory/ntap-20190919-0005/",
			"name": "https://security.netapp.com/advisory/ntap-20190919-0005/",
			"refsource": "CONFIRM",
			"tags": []
		},
		{
			"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5010",
			"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/5010",
			"refsource": "CONFIRM",
			"tags": []
		}
	],
	"impact": {
		"baseMetricV3": {
			"cvssV3": {
				"version": "3.0",
				"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
				"attackVector": "NETWORK",
				"attackComplexity": "LOW",
				"privilegesRequired": "NONE",
				"userInteraction": "NONE",
				"scope": "UNCHANGED",
				"confidentialityImpact": "HIGH",
				"integrityImpact": "NONE",
				"availabilityImpact": "NONE",
				"baseScore": 7.5,
				"baseSeverity": "HIGH"
			},
			"exploitabilityScore": 3.9,
			"impactScore": 3.6
		},
		"baseMetricV2": {
			"cvssV2": {
				"version": "2.0",
				"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
				"accessVector": "NETWORK",
				"accessComplexity": "LOW",
				"authentication": "NONE",
				"confidentialityImpact": "COMPLETE",
				"integrityImpact": "NONE",
				"availabilityImpact": "NONE",
				"baseScore": 7.8
			},
			"severity": "HIGH",
			"exploitabilityScore": 10,
			"impactScore": 6.9,
			"obtainAllPrivilege": false,
			"obtainUserPrivilege": false,
			"obtainOtherPrivilege": false,
			"userInteractionRequired": false
		}
	},
	"problem_type": "CWE-255"
}