VU#163057: BMC software fails to validate IPMI session. | allinfosecnews.com

April 30, 2024, 6:39 p.m. |

CERT Recently Published Vulnerability Notes kb.cert.org

Overview

The Intelligent Platform Management Interface (IPMI) implementations in multiple manufacturer's Baseboard Management Controller (BMC) software are vulnerable to IPMI session hijacking. An attacker with access to the BMC network (with IPMI enabled) can abuse the lack of session integrity to hijack sessions and execute arbitrary IPMI commands on the BMC.

Description

IPMI is a computer interface specification that provides a low-level management capability independent of hardware, firmware, or operating system. IPMI is supported by many BMC manufacturers to allow …

abuse access attacker baseboard management controller bmc can controller hijack hijacking integrity interface ipmi management manufacturer network platform session session hijacking sessions software vulnerable

More from kb.cert.org / CERT Recently Published Vulnerability Notes

VU#163057: BMC software fails to validate IPMI session. 2 weeks, 4 days ago | kb.cert.org

abuse access attacker baseboard management controller +17

VU#238194: R Programming Language implementations are vulnerable to arbitrary code execution during deserialization of .rds … 2 weeks, 5 days ago | kb.cert.org

arbitrary code arbitrary code execution attacker can +15

VU#253266: Keras 2 Lambda Layers Allow Arbitrary Code Injection in TensorFlow Models 1 month ago | kb.cert.org

application arbitrary code attacker attackers +14

VU#123335: Multiple Programming Languages Fail to Escape Arguments Properly in Microsoft Windows 1 month, 1 week ago | kb.cert.org

arbitrary code attackers cases code +15

VU#155143: Linux kernel on Intel systems is susceptible to Spectre v2 attacks 1 month, 1 week ago | kb.cert.org

architectures attacker attacks bhi +20

VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks 1 month, 2 weeks ago | kb.cert.org

attacks can dos fragments +6

VU#417980: UDP-based, application-layer protocol implementations are vulnerable to network loops 1 month, 4 weeks ago | kb.cert.org

abuse application applications attacker +18

VU#488902: CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions 2 months ago | kb.cert.org

architectures attacker can conditions +13

VU#949046: Sceiner firmware locks and associated devices are vulnerable to encryption downgrade and arbitrary file … 2 months, 1 week ago | kb.cert.org

app attacks bluetooth called +11

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

Security Operations Manager-West Coast

@ The Walt Disney Company | USA - CA - 2500 Broadway Street

View on infosec-jobs.com

Vulnerability Analyst - Remote (WFH)

@ Cognitive Medical Systems | Phoenix, AZ, US | Oak Ridge, TN, US | Austin, TX, US | Oregon, US | Austin, TX, US

View on infosec-jobs.com

Senior Mainframe Security Administrator

@ Danske Bank | Copenhagen V, Denmark

View on infosec-jobs.com