InfoSec Handlers Diary Blog - New Supermicro IPMI/BMC Vulnerability

SANS ISC: InfoSec Handlers Diary Blog - New Supermicro IPMI/BMC Vulnerability

SANS Site Network
- Current Site
- Internet Storm Center
- Other SANS Sites Help
- Graduate Degree Programs
- Security Training
- Security Certification
- Security Awareness Training
- Penetration Testing
- Industrial Control Systems
- Cyber Defense Foundations
- DFIR
- Software Security
- Government OnSite Training

InfoSec Handlers Diary Blog

New Supermicro IPMI/BMC Vulnerability

Published: 2014-06-19
Last Updated: 2014-06-19 21:52:47 UTC
by Tony Carothers (Version: 1)

A new vulnerability has been released by the CARI.net team regarding Supermicro�??s implementation of IPMI/BMC for management. The vulnerability involves a plaintext password file available for download simply by connecting to the specific port, 49152. One of our team has tested this vulnerability, and it works like a champ, so let�??s add another log to the fire and spread the good word. The CARI.net team has a great writeup on the vulnerability linked below:

http://blog.cari.net/carisirt-yet-another-bmc-vulnerability-and-some-added-extras/

Much thanx to the Zach at CARI.net for the heads-up.

tony d0t carothers --gmail

Keywords: BMC IPMI

5 comment(s)

Top of page

Diary Archives