CVE-2013-4784

HP iLO - Auth Bypass

Title source: llm

Description

The HP Integrated Lights-Out (iLO) BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.

Exploits (1)

nomisec WORKING POC

by alexoslabs · poc

https://github.com/alexoslabs/ipmitest

View Code ZIP pw:eip

References (7)

[Various Sources] http://fish2.com/ipmi/cipherzero.html

[Various Sources] http://www.metasploit.com/modules/auxiliary/scanner/ipmi/ipmi_cipher_zero

[Various Sources] http://www.wired.com/threatlevel/2013/07/ipmi/

[Various Sources] https://lists.gnu.org/archive/html/freeipmi-devel/2013-02/msg00013.html

[Third Party Advisory, VDB Entry] http://osvdb.org/show/osvdb/93040

[Vendor Advisory] http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/85569

Scores

EPSS 0.5071

EPSS Percentile 97.8%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

hp/integrated_lights-out_bmc

Timeline

Published Jul 08, 2013

Tracked Since Feb 18, 2026