all InfoSec news
VU#163057: BMC software fails to validate IPMI session.
CERT Recently Published Vulnerability Notes kb.cert.org
Overview
The Intelligent Platform Management Interface (IPMI) implementations in multiple manufacturer's Baseboard Management Controller (BMC) software are vulnerable to IPMI session hijacking. An attacker with access to the BMC network (with IPMI enabled) can abuse the lack of session integrity to hijack sessions and execute arbitrary IPMI commands on the BMC.
Description
IPMI is a computer interface specification that provides a low-level management capability independent of hardware, firmware, or operating system. IPMI is supported by many BMC manufacturers to allow …
abuse access attacker baseboard management controller bmc can controller hijack hijacking integrity interface ipmi management manufacturer network platform session session hijacking sessions software vulnerable