CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
89.7%
The Dell iDRAC6 with firmware 1.x before 1.92 and 2.x and 3.x before 3.42, and iDRAC7 with firmware before 1.23.23, allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. NOTE: the vendor disputes the significance of this issue, stating DRAC’s are intended to be on a separate management network; they are not designed nor intended to be placed on or connected to the Internet.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(501892);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/18");
script_cve_id("CVE-2013-4783");
script_xref(name:"OSVDB", value:"93039");
script_name(english:"Dell iDRAC6 Improper Authentication (CVE-2013-4783)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"The Dell iDRAC6 with firmware 1.x before 1.92 and 2.x and 3.x before
3.42, and iDRAC7 with firmware before 1.23.23, allows remote attackers
to bypass authentication and execute arbitrary IPMI commands by using
cipher suite 0 (aka cipher zero) and an arbitrary password. NOTE: the
vendor disputes the significance of this issue, stating DRAC's are
intended to be on a separate management network; they are not designed
nor intended to be placed on or connected to the Internet.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
# ftp://ftp.dell.com/Manuals/Common/integrated-dell-remote-access-cntrllr-6-for-monolithic-srvr-v1.95_FAQ2_en-us.pdf
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bbbee7cf");
# http://en.community.dell.com/techcenter/systems-management/w/wiki/4929.how-to-check-if-ipmi-cipher-0-is-off.aspx
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?706abaa4");
script_set_attribute(attribute:"see_also", value:"http://fish2.com/ipmi/cipherzero.html");
script_set_attribute(attribute:"see_also", value:"http://osvdb.org/show/osvdb/93039");
# http://www.metasploit.com/modules/auxiliary/scanner/ipmi/ipmi_cipher_zero
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?63022bc4");
script_set_attribute(attribute:"see_also", value:"http://www.wired.com/threatlevel/2013/07/ipmi/");
# https://lists.gnu.org/archive/html/freeipmi-devel/2013-02/msg00013.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c9f54a37");
script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-4783");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(287);
script_set_attribute(attribute:"vuln_publication_date", value:"2013/07/08");
script_set_attribute(attribute:"patch_publication_date", value:"2013/07/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/01/17");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/h:dell:idrac6_bmc");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Dell");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Dell');
var asset = tenable_ot::assets::get(vendor:'Dell');
var vuln_cpes = {
"cpe:/h:dell:idrac6_bmc" :
{"family" : "iDRAC6"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_HOLE);