InfoSec Handlers Diary Blog - New Supermicro IPMI/BMC Vulnerability

SANS Site Network
- Current Site
- Internet Storm Center
- Other SANS Sites Help
- Graduate Degree Programs
- Security Training
- Security Certification
- Security Awareness Training
- Penetration Testing
- Industrial Control Systems
- Cyber Defense Foundations
- IT Audit
- Computer Forensics
- Software Security
- Government OnSite Training

InfoSec Handlers Diary Blog

New Supermicro IPMI/BMC Vulnerability

Published: 2014-06-19
Last Updated: 2014-06-19 21:52:47 UTC
by Tony Carothers (Version: 1)

A new vulnerability has been released by the CARI.net team regarding Supermicro�??s implementation of IPMI/BMC for management. The vulnerability involves a plaintext password file available for download simply by connecting to the specific port, 49152. One of our team has tested this vulnerability, and it works like a champ, so let�??s add another log to the fire and spread the good word. The CARI.net team has a great writeup on the vulnerability linked below:

http://blog.cari.net/carisirt-yet-another-bmc-vulnerability-and-some-added-extras/

Much thanx to the Zach at CARI.net for the heads-up.

tony d0t carothers --gmail

Keywords: BMC IPMI

5 comment(s)

SANS SEC401: Security Essentials Bootcamp Style. Learn the most effective steps to prevent attacks and detect adversaries with actionable techniques that you can directly apply when you get back to work.

Top of page

Diary Archives