Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

New Supermicro IPMI/BMC Vulnerability

Published: 2014-06-19
Last Updated: 2014-06-19 21:52:47 UTC
by Tony Carothers (Version: 1)
5 comment(s)

A new vulnerability has been released by the CARI.net team regarding Supermicro‚??s implementation of IPMI/BMC for management.  The vulnerability involves a plaintext password file available for download simply by connecting to the specific port, 49152.  One of our team has tested this vulnerability, and it works like a champ, so let‚??s add another log to the fire and spread the good word.  The CARI.net team has a great writeup on the vulnerability linked below:

http://blog.cari.net/carisirt-yet-another-bmc-vulnerability-and-some-added-extras/


Much thanx to the Zach at CARI.net for the heads-up.

tony d0t carothers --gmail

Keywords: BMC IPMI
5 comment(s)
Diary Archives