CVE-2013-4782

Supermicro BMC - Unauthenticated IPMI Command Execution via Cipher Zero

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-4782. Includes Metasploit module auxiliary/scanner/ipmi/ipmi_cipher_zero.

AI-analyzed exploit summary This Metasploit module scans for IPMI 2.0 systems vulnerable to authentication bypass via cipher zero (CVE-2013-4782). It sends a crafted session open request and checks for acceptance of cipher zero.

Description

The Supermicro BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.

Exploits (1)

metasploit SCANNER
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/ipmi/ipmi_cipher_zero.rb

This Metasploit module scans for IPMI 2.0 systems vulnerable to authentication bypass via cipher zero (CVE-2013-4782). It sends a crafted session open request and checks for acceptance of cipher zero.

Classification
Scanner 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: IPMI 2.0
No auth needed
Prerequisites: Network access to UDP port 623
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Various Sources x_refsource_misc
http://www.wired.com/threatlevel/2013/07/ipmi/
Various Sources x_refsource_misc
http://fish2.com/ipmi/cipherzero.html
Various Sources mailing-list x_refsource_mlist
https://lists.gnu.org/archive/html/freeipmi-devel/2013-02/msg00013.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/93038

Scores

EPSS 0.2602
EPSS Percentile 97.7%

Details

CWE
CWE-287
Status published
Products (1)
supermicro/bmc
Published Jul 08, 2013
Tracked Since Feb 18, 2026