The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC.
Published 2013-07-08 22:55:01
Updated 2020-10-29 00:15:12
Source MITRE

Products affected by CVE-2013-4786

Exploit prediction scoring system (EPSS) score for CVE-2013-4786

30.98%
Probability of exploitation activity in the next 30 days
~ 97 %
Percentile: the proportion of vulnerabilities that are scored at or below this level

Metasploit modules for CVE-2013-4786

  • IPMI 2.0 RAKP Remote SHA1 Password Hash Retrieval
    Disclosure Date: 2013-06-20
    First seen: 2020-04-26
    auxiliary/scanner/ipmi/ipmi_dumphashes
    This module identifies IPMI 2.0-compatible systems and attempts to retrieve the HMAC-SHA1 password hashes of default usernames. The hashes can be stored in a file using the OUTPUT_FILE option and then cracked using hmac_sha1_crack.rb in the tools subdirectory as well

CVSS scores for CVE-2013-4786

Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
7.8 | HIGH | AV:N/AC:L/Au:N/C:C/I:N/A:N | 10.0 | 6.9 | NIST |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 | NIST |

CWE ids for CVE-2013-4786

  • Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-4786
