VDB
JVNDB-2021-000002
PUBLISHED
Intelligent Platform Management Interface (IPMI) v1.5 specifies the Remote Management Control Protocol (RMCP) for accessing a BMC over LAN. Multiple NEC products that conduct RMCP access using IPMI over LAN contain an issue in their BMC firmware implementations: when the BMC is accessed through RMCP over LAN, an unauthorized session may be established. NEC Corporation reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and NEC Corporation coordinated under the Information Security Early Warning Partnership.
Exploit Intelligence
- CVE-2013-4786 Go exploitation tool (github-poc)
- Dumps password hashes from an IPMI RPC server so they can be cracked by an external tool such as hashcat. If no username list is supplied, nselib/data/usernames.lst will be used. The script works by exploiting vulnerability CVE-2013-4786: in standard communication, an attacker can obtain, for every known user, a hash containing the password, which can later be used for offline cracking. Furthermore, if a tried username is not valid, this can be recognised from the communication. (nmap-nse)
Timeline
- Aug 15, 2019 PoC Published
- Jan 13, 2021 CVE Published