Vulnerabilities > CVE-2013-4037 - Authentication Bypass vulnerability in Intelligent Platform Management Interface

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

ibm

NVD

Published: 2013-08-09

Updated: 2017-08-29

Summary

The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack.

Vulnerable Configurations

Part	Description	Count
Hardware	Ibm IBM Bladecenter Hs22 IBM Bladecenter Hs22V IBM Bladecenter Hs23 IBM Bladecenter Hs23E IBM Bladecenter Hx5 IBM Flex System X220 Compute Node - IBM Flex System X240 Compute Node - IBM Flex System X440 Compute Node - IBM System X3100 M4 - IBM System X3200 M3 - IBM System X3250 M3 - IBM System X3250 M4 - IBM System X3400 M2 - IBM System X3400 M3 - IBM System X3500 M2 - IBM System X3500 M3 - IBM System X3500 M4 - IBM System X3530 M4 - IBM System X3550 M2 - IBM System X3550 M3 - IBM System X3550 M4 - IBM System X3620 M3 - IBM System X3630 M3 - IBM System X3630 M4 - IBM System X3650 M2 - IBM System X3650 M3 - IBM System X3650 M4 - IBM System X3690 X5 - IBM System X3750 M4 - IBM System X3850 X5 - IBM System X3950 X5 - IBM System X Idataplex Dx360 M2 Server - IBM System X Idataplex Dx360 M3 Server - IBM System X Idataplex Dx360 M4 Server -	34

Summary

Vulnerable Configurations

References