CVE-2013-4786

HIGH EXPLOITED IN THE WILD RANSOMWARE

IPMI 2.0 - Info Disclosure

Title source: llm

Description

The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC.

Exploits (4)

exploitdb WORKING POC VERIFIED

by Dan Farmer · perlremotemultiple

https://www.exploit-db.com/exploits/38633

View Code ZIP pw:eip

nomisec WORKING POC 40 stars

by fin3ss3g0d · infoleak

https://github.com/fin3ss3g0d/CosmicRakp

View Code ZIP pw:eip

vulncheck_xdb

infoleak

https://github.com/tallperennial/CosmicRakp

View on vulncheck_xdb

metasploit WORKING POC

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/ipmi/ipmi_dumphashes.rb

View Code ZIP pw:eip

References (7)

[Vendor Advisory] https://nvidia.custhelp.com/app/answers/detail/a_id/5010

[Vendor Advisory] https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04197764

[Various Sources] http://fish2.com/ipmi/remote-pw-cracking.html

[Mailing List] http://marc.info/?l=bugtraq&m=139653661621384&w=2

[Vendor Advisory] http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

[Vendor Advisory] https://security.netapp.com/advisory/ntap-20190919-0005/

[Third Party Advisory] https://community.rapid7.com/community/metasploit/blog/2013/07/02/a-penetration-testers-guide-to-ipmi

Scores

CVSS v3 7.5

EPSS 0.6784

EPSS Percentile 98.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2023-02-14

InTheWild.io 2023-02-15

Ransomware Use Confirmed

CWE

CWE-255

Status published

Products (2)

intel/intelligent_platform_management_interface 2.0

oracle/fujitsu_m10_firmware < 2290

Published Jul 08, 2013

Tracked Since Feb 18, 2026