ProLiant DL360p Gen8 and ProLiant DL360p Gen9 and ProLiant DL360p Gen7 servers vulnerability of ILO

hp-proliant ilo ipmi

Qualys scan reported the following vulnerability on all the ILOs of the ProLiant DL360p servers which we are using. The vulnerability is "IPMI 2.0 RAKP Authentication Remote Password Hash Retrieval Vulnerability" with CVV score CVE-2013-4786, CVE-2013-4037. Can someone please help me with a fix for this issue?
Can anyone please explain what is the importance of IPMI being enabled/disabled on ILO?

Best Answer

IPMI is an out-of-band management technology. It is used to access the server remotely without an OS installed, or even when the server is powered off but still plugged in to power. Via IPMI you could have access to power the server on and off, to hardware sensors, to the serial console and to KVM over IP. You can, for example, configure the BIOS and install an OS remotely.

That attack means that someone who has access to your network can obtain the password hashes used by IPMI authentication and run a dictionary attack to find the passwords.

You should upgrade the firmware for ILO.
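As an added example (not part of the original answer, and not HPE or Qualys code): a Python detection helper that recognizes RAKP Message 1, the client message that precedes the BMC's hash-bearing reply, in captured UDP/623 datagrams and counts those coming from hosts outside a management allowlist. The offsets follow the IPMI 2.0 RMCP+ packet layout; the function names, sample datagrams and addresses are constructed for illustration.

```python
import struct
from collections import Counter

RAKP_MESSAGE_1 = 0x12  # RMCP+ payload type (low 6 bits of session-header byte 1)

def parse_rmcp_plus(data):
    """Return (payload_type, body) for an IPMI 2.0 RMCP+ datagram, else None."""
    if len(data) < 16:
        return None
    # RMCP: version 0x06, class 0x07 (IPMI); session auth type 0x06 means RMCP+.
    if data[0] != 0x06 or data[3] & 0x0F != 0x07 or data[4] & 0x0F != 0x06:
        return None
    ptype = data[5] & 0x3F
    if ptype == 0x02:  # OEM-explicit payloads have a longer header; not handled
        return None
    (length,) = struct.unpack_from("<H", data, 14)  # after session id + sequence
    body = data[16:16 + length]
    return (ptype, body) if len(body) == length else None

def rakp1_username(body):
    """Username requested in RAKP Message 1: length byte at offset 27, max 16."""
    if len(body) < 28 or body[27] > 16 or len(body) < 28 + body[27]:
        return None
    return body[28:28 + body[27]].decode("ascii", "replace")

def flag_rakp1(datagrams, allowed_sources):
    """Count RAKP Message 1 per (source, username) from non-allowlisted hosts.

    datagrams: iterable of (src_ip, udp_payload) captured towards UDP/623.
    """
    hits = Counter()
    for src, data in datagrams:
        parsed = parse_rmcp_plus(data)
        if parsed and parsed[0] == RAKP_MESSAGE_1 and src not in allowed_sources:
            hits[(src, rakp1_username(parsed[1]))] += 1
    return hits

def _sample(ptype, body):
    """Constructed datagram: RMCP header, RMCP+ session header, payload."""
    header = bytes([0x06, 0x00, 0xFF, 0x07, 0x06, ptype]) + bytes(8)
    return header + struct.pack("<H", len(body)) + body

# Constructed samples; addresses are from the documentation range 192.0.2.0/24.
SAMPLE_RAKP1 = _sample(0x12, bytes(24) + b"\x04\x00\x00" + b"\x05admin")
SAMPLE_OPEN = _sample(0x10, bytes(32))
SAMPLE_TRAFFIC = [("192.0.2.50", SAMPLE_RAKP1), ("192.0.2.50", SAMPLE_RAKP1),
                  ("192.0.2.10", SAMPLE_RAKP1), ("192.0.2.50", SAMPLE_OPEN)]

if __name__ == "__main__":
    print(flag_rakp1(SAMPLE_TRAFFIC, allowed_sources={"192.0.2.10"}))
```

Feed it payloads from a capture or sensor on the management VLAN; any hit from a host that is not a known management station is worth investigating.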