Weakness in IPMI Implementation Affecting IBM BladeCenter and System x Servers
CVE-2013-4037

Currently unrated

Key Information:

Vendor: IBM
Status: System X3500 M3; Flex System X440 Compute Node; System X3250 M4; System X3550 M3
Vendor: CVE Published:; 9 August 2013

Summary

The Intelligent Platform Management Interface (IPMI) implementation in IBM's Integrated Management Module (IMM) and IMM2 versions has a vulnerability where the RAKP protocol transmits a password hash to clients. This design flaw potentially enables remote attackers to exploit the hash and gain unauthorized access through brute-force techniques, posing a significant security risk to the affected IBM server models.

References

http://www.ibm.com/support/entry/portal/docdisplay?lndoci...

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/86173

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Aug 9, 2013
Vulnerability Reserved
Jun 7, 2013