ID
VAR-201206-0425
TITLE
ASUS iKVM Information Disclosure Vulnerability
Trust: 1.5
sources:
CNVD: CNVD-2012-3365 //
BID: 54191 //
CNNVD: CNNVD-201210-600
DESCRIPTION
ASUS iKVM is a remote server management chip that provides remote management capabilities. The Asus iKVM/IPMI implementation stores the authentication credentials in a text file in clear text. Anonymous users can access the system using the plaintext password of the \"anonymous\" account. Successful exploits will allow attackers to obtain sensitive information, such as credentials, that may aid in further attacks
Trust: 0.81
sources:
CNVD: CNVD-2012-3365 //
BID: 54191
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2012-3365
AFFECTED PRODUCTS
| vendor: | asus | model: | ikvm | scope: | - | version: | - | Trust: 0.6 |
| vendor: | asus | model: | ikvm | scope: | eq | version: | 0 | Trust: 0.3 |
sources:
CNVD: CNVD-2012-3365 //
BID: 54191
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201210-600
TYPE
information disclosure
Trust: 0.6
sources:
CNNVD: CNNVD-201210-600
EXTERNAL IDS
| db: | BID | id: | 54191 | Trust: 1.5 |
| db: | PACKETSTORM | id: | 114171 | Trust: 0.6 |
| db: | CNVD | id: | CNVD-2012-3365 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-201210-600 | Trust: 0.6 |
sources:
CNVD: CNVD-2012-3365 //
BID: 54191 //
CNNVD: CNNVD-201210-600
REFERENCES
| url: | http://packetstormsecurity.org/files/114171/asus-ikvm-ipmi-backdoor-cleartext-passwords.html | Trust: 0.6 |
| url: | http://www.securityfocus.com/bid/54191 | Trust: 0.6 |
| url: | http://www.asus.com | Trust: 0.3 |
| url: | http://www.asus.com/server_workstation/features/remote_management/#asmb6-ikvm | Trust: 0.3 |
sources:
CNVD: CNVD-2012-3365 //
BID: 54191 //
CNNVD: CNNVD-201210-600
CREDITS
Pedro Dias
Trust: 0.9
sources:
BID: 54191 //
CNNVD: CNNVD-201210-600
SOURCES
| db: | CNVD | id: | CNVD-2012-3365 |
| db: | BID | id: | 54191 |
| db: | CNNVD | id: | CNNVD-201210-600 |
LAST UPDATE DATE
2022-05-17T01:46:39.487000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2012-3365 | date: | 2012-06-28T00:00:00 |
| db: | BID | id: | 54191 | date: | 2012-06-25T00:00:00 |
| db: | CNNVD | id: | CNNVD-201210-600 | date: | 2012-10-25T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2012-3365 | date: | 2012-06-28T00:00:00 |
| db: | BID | id: | 54191 | date: | 2012-06-25T00:00:00 |
| db: | CNNVD | id: | CNNVD-201210-600 | date: | 2012-06-25T00:00:00 |