NVD Vulnerability Detail

CVE-2013-4786

Summary	The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC.
Publication Date	July 9, 2013, 7:55 a.m.
Registration Date	Jan. 26, 2021, 3:44 p.m.
Last Update	Nov. 21, 2024, 10:56 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:o:oracle:fujitsu_m10_firmware::::::::			2290

Configuration2		or higher	or less	more than	less than
cpe:2.3:a:intel:intelligent_platform_management_interface:2.0:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://fish2.com/ipmi/remote-pw-cracking.html
2	http://fish2.com/ipmi/remote-pw-cracking.html
3	http://marc.info/?l=bugtraq&m=139653661621384&w=2
4	http://marc.info/?l=bugtraq&m=139653661621384&w=2
5	http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
6	http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
7	https://community.rapid7.com/community/metasploit/blog/2013/07/02/a-penetration-testers-guide-to-ipmi
8	https://community.rapid7.com/community/metasploit/blog/2013/07/02/a-penetration-testers-guide-to-ipmi
9	https://nvidia.custhelp.com/app/answers/detail/a_id/5010
10	https://nvidia.custhelp.com/app/answers/detail/a_id/5010
11	https://security.netapp.com/advisory/ntap-20190919-0005/
12	https://security.netapp.com/advisory/ntap-20190919-0005/
13	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04197764
14	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04197764

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-255	証明書・パスワード管理	https://cwe.mitre.org/data/definitions/255.html

JVN Vulnerability Information

IPMI の仕様におけるパスワードハッシュを取得される脆弱性

Title	IPMI の仕様におけるパスワードハッシュを取得される脆弱性
Summary	IPMI の仕様は、RMCP+ Authenticated Key-Exchange Protocol (RAKP) 認証をサポートしているため、パスワードハッシュを取得される、およびオフラインパスワード推測攻撃を実行される脆弱性が存在します。
Possible impacts	第三者により、BMC の RAKP Message 2 レスポンスから HMAC を取得されることで、パスワードハッシュを取得される、およびオフラインパスワード推測攻撃を実行される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	July 8, 2013, midnight
Registration Date	July 10, 2013, 2:04 p.m.
Last Update	May 31, 2016, 11:49 a.m.

Affected System

オラクル

XCP 2290 未満 (Fujitsu M10-1/M10-4/M10-4S サーバ)

インテル

Intelligent Platform Management Interface 2.0

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2013-4786	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4786
National Vulnerability Database (NVD)
2	CVE-2013-4786	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4786

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-255	https://jvndb.jvn.jp/ja/cwe/CWE-255.html

ベンダー情報

No	Name	URL
Intel
1	Intelligent Platform Management Interface	http://www.intel.com/content/www/us/en/servers/ipmi/ipmi-home.html
Oracle Critical Patch Update
2	Oracle Critical Patch Update Advisory - April 2016	http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
3	Oracle Critical Patch Update CVSS V2 Risk Matrices - April 2016	http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
4	Text Form of Oracle Critical Patch Update - April 2016 Risk Matrices	http://www.oracle.com/technetwork/topics/security/cpuapr2016verbose-2881709.html
SECURITY BLOG
5	April 2016 Critical Patch Update Released	https://blogs.oracle.com/security/entry/april_2016_critical_patch_update

Change Log

No	Changed Details	Date of change
0	[2013年07月10日] 掲載 [2016年05月31日] CVSS による深刻度：内容を更新影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：オラクル (Oracle Critical Patch Update CVSS V2 Risk Matrices - April 2016) を追加ベンダ情報：オラクル (Oracle Critical Patch Update Advisory - April 2016) を追加ベンダ情報：オラクル (Text Form of Oracle Critical Patch Update - April 2016 Risk Matrices) を追加ベンダ情報：オラクル (April 2016 Critical Patch Update Released) を追加	Feb. 17, 2018, 10:37 a.m.