CVE-2013-4783

Dell iDRAC6 <1.92 and iDRAC7 <1.23.23 - Auth Bypass

Title source: llm

Description

The Dell iDRAC6 with firmware 1.x before 1.92 and 2.x and 3.x before 3.42, and iDRAC7 with firmware before 1.23.23, allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. NOTE: the vendor disputes the significance of this issue, stating "DRAC's are intended to be on a separate management network; they are not designed nor intended to be placed on or connected to the Internet."

References (7)

[Various Sources] ftp://ftp.dell.com/Manuals/Common/integrated-dell-remote-access-cntrllr-6-for-monolithic-srvr-v1.95_FAQ2_en-us.pdf

[Various Sources] http://fish2.com/ipmi/cipherzero.html

[Various Sources] http://www.metasploit.com/modules/auxiliary/scanner/ipmi/ipmi_cipher_zero

[Various Sources] http://www.wired.com/threatlevel/2013/07/ipmi/

[Various Sources] https://lists.gnu.org/archive/html/freeipmi-devel/2013-02/msg00013.html

[Third Party Advisory, VDB Entry] http://osvdb.org/show/osvdb/93039

[Third Party Advisory] http://en.community.dell.com/techcenter/systems-management/w/wiki/4929.how-to-check-if-ipmi-cipher-0-is-off.aspx

Scores

EPSS 0.0361

EPSS Percentile 87.6%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

dell/idrac6_bmc

Timeline

Published Jul 08, 2013

Tracked Since Feb 18, 2026