PT-2024-25703 · Ipmi · Ipmi

Published: 2024-04-30 · Updated: 2024-07-03 · CVE-2024-3411

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: IPMI (affected versions not specified)

Description: The issue concerns implementations of IPMI Authenticated sessions that do not provide enough randomness, making them susceptible to session hijacking. An attacker can exploit this by using either a predictable IPMI Session ID or a weak BMC Random Number to bypass security controls. This can be achieved by sending spoofed IPMI packets to manage the BMC device.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers: CVE-2024-3411

Affected Products: Ipmi