Dan Farmer

#7231of 53,639
37.8Total CVSS
Vulnerabilities · 4
High
4
PT-2013-5189
10
2013-07-08
Supermicro · Supermicro Bmc · CVE-2013-4782
**Name of the Vulnerable Software and Affected Versions** Supermicro BMC (affected versions not specified) **Description** The issue allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 and an arbitrary password. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2013-5190
10
2013-07-08
Dell · Idrac7 · CVE-2013-4783
**Name of the Vulnerable Software and Affected Versions** Dell iDRAC6 versions 1.x through 1.91 Dell iDRAC6 versions 2.x through 3.41 Dell iDRAC7 versions prior to 1.23.23 **Description** The issue allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 and an arbitrary password. **Recommendations** For Dell iDRAC6 versions 1.x through 1.91, update to version 1.92 or later. For Dell iDRAC6 versions 2.x through 3.41, update to version 3.42 or later. For Dell iDRAC7 versions prior to 1.23.23, update to version 1.23.23 or later.
PT-2013-5191
10
2013-07-08
Hewlett Packard · Hp Integrated Lights-Out · CVE-2013-4784
**Name of the Vulnerable Software and Affected Versions** HP Integrated Lights-Out (iLO) (affected versions not specified) **Description** The issue allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 and an arbitrary password. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2013-5193
7.8
2013-07-08
Hewlett Packard · Hp Integrated Lights-Out · CVE-2013-4786
**Name of the Vulnerable Software and Affected Versions** HPE Integrated Lights-Out versions 2 through 5 HPE Superdome Flex RMC (affected versions not specified) **Description** The issue allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC. This could enable an attacker to gain unauthorized privileges and unauthorized access to privileged information. **Recommendations** For HPE Integrated Lights-Out versions 2 through 5, update to a version that addresses the RAKP authentication issue to prevent unauthorized access. For HPE Superdome Flex RMC, at the moment, there is no information about a newer version that contains a fix for this vulnerability.