Details of VAR-201307-0418

ID

VAR-201307-0418

CVE

CVE-2013-4783

TITLE

Dell iDRAC of BMC Vulnerabilities that prevent authentication from being implemented

Trust: 0.8

sources: JVNDB: JVNDB-2013-003249

DESCRIPTION

The Dell iDRAC6 with firmware 1.x before 1.92 and 2.x and 3.x before 3.42, and iDRAC7 with firmware before 1.23.23, allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. NOTE: the vendor disputes the significance of this issue, stating "DRAC's are intended to be on a separate management network; they are not designed nor intended to be placed on or connected to the Internet.". Dell Integrated Remote Access Controller ( iDRAC ) 6 is the US Dell ( Dell ) company's system management solution that includes hardware and software. The program is Dell PowerEdge The system provides functions such as remote management, crashed system recovery, and power control. Dell iDRAC6 BMC There is a loophole in the implementation

Trust: 1.8

sources: NVD: CVE-2013-4783 // JVNDB: JVNDB-2013-003249 // VULHUB: VHN-64785 // VULMON: CVE-2013-4783

AFFECTED PRODUCTS

vendor:	dell	model:	idrac6 bmc	scope:	eq	version:	*	Trust: 1.0
vendor:	dell	model:	integrated dell remote access controller 6	scope:	eq	version:	bmc	Trust: 0.8
vendor:	dell	model:	idrac6 bmc	scope:	-	version:	-	Trust: 0.6

sources: JVNDB: JVNDB-2013-003249 // CNNVD: CNNVD-201307-120 // NVD: CVE-2013-4783

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-4783
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-4783
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201307-120
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-64785
value:	HIGH
Trust: 0.1
VULMON:	CVE-2013-4783
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-4783
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-64785
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-64785 // VULMON: CVE-2013-4783 // JVNDB: JVNDB-2013-003249 // CNNVD: CNNVD-201307-120 // NVD: CVE-2013-4783

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-64785 // JVNDB: JVNDB-2013-003249 // NVD: CVE-2013-4783

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-120

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201307-120

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003249

PATCH

title:	Dell response to US-CERT (United States Computer Emergency Readiness Team) TA13-207A: IPMI TechAlert	url:	ftp://ftp.dell.com/Manuals/Common/integrated-dell-remote-access-cntrllr-6-for-monolithic-srvr-v1.95_FAQ2_en-us.pdf	Trust: 0.8
title:	Integrated Dell Remote Access Controller 6	url:	http://ja.community.dell.com/techcenter/b/weblog/archive/2011/03/31/quot-idrac6-quot.aspx	Trust: 0.8
title:	Top Page	url:	http://www.dell.com/	Trust: 0.8
title:	How to check if IPMI Cipher 0 is off	url:	http://en.community.dell.com/techcenter/systems-management/w/wiki/4929.how-to-check-if-ipmi-cipher-0-is-off.aspx	Trust: 0.8
title:	-	url:	https://github.com/chnzzh/iDRAC-CVE-lib	Trust: 0.1

sources: VULMON: CVE-2013-4783 // JVNDB: JVNDB-2013-003249

EXTERNAL IDS

db:	NVD	id:	CVE-2013-4783	Trust: 2.6
db:	OSVDB	id:	93039	Trust: 1.8
db:	JVNDB	id:	JVNDB-2013-003249	Trust: 0.8
db:	CNNVD	id:	CNNVD-201307-120	Trust: 0.7
db:	MLIST	id:	[FREEIPMI-DEVEL] 20130222 THE INFAMOUS CIPHER ZERO, I PRESUME?	Trust: 0.6
db:	VULHUB	id:	VHN-64785	Trust: 0.1
db:	VULMON	id:	CVE-2013-4783	Trust: 0.1

sources: VULHUB: VHN-64785 // VULMON: CVE-2013-4783 // JVNDB: JVNDB-2013-003249 // CNNVD: CNNVD-201307-120 // NVD: CVE-2013-4783

REFERENCES

url:	http://fish2.com/ipmi/cipherzero.html	Trust: 1.8
url:	http://www.metasploit.com/modules/auxiliary/scanner/ipmi/ipmi_cipher_zero	Trust: 1.8
url:	http://www.wired.com/threatlevel/2013/07/ipmi/	Trust: 1.8
url:	https://lists.gnu.org/archive/html/freeipmi-devel/2013-02/msg00013.html	Trust: 1.8
url:	http://osvdb.org/show/osvdb/93039	Trust: 1.8
url:	ftp://ftp.dell.com/manuals/common/integrated-dell-remote-access-cntrllr-6-for-monolithic-srvr-v1.95_faq2_en-us.pdf	Trust: 1.2
url:	http://en.community.dell.com/techcenter/systems-management/w/wiki/4929.how-to-check-if-ipmi-cipher-0-is-off.aspx	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4783	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4783	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/chnzzh/idrac-cve-lib	Trust: 0.1

sources: VULHUB: VHN-64785 // VULMON: CVE-2013-4783 // JVNDB: JVNDB-2013-003249 // CNNVD: CNNVD-201307-120 // NVD: CVE-2013-4783

SOURCES

db:	VULHUB	id:	VHN-64785
db:	VULMON	id:	CVE-2013-4783
db:	JVNDB	id:	JVNDB-2013-003249
db:	CNNVD	id:	CNNVD-201307-120
db:	NVD	id:	CVE-2013-4783

LAST UPDATE DATE

2025-04-11T22:48:43.867000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-64785	date:	2013-09-27T00:00:00
db:	VULMON	id:	CVE-2013-4783	date:	2013-09-27T00:00:00
db:	JVNDB	id:	JVNDB-2013-003249	date:	2013-10-28T00:00:00
db:	CNNVD	id:	CNNVD-201307-120	date:	2013-08-02T00:00:00
db:	NVD	id:	CVE-2013-4783	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-64785	date:	2013-07-08T00:00:00
db:	VULMON	id:	CVE-2013-4783	date:	2013-07-08T00:00:00
db:	JVNDB	id:	JVNDB-2013-003249	date:	2013-07-10T00:00:00
db:	CNNVD	id:	CNNVD-201307-120	date:	2013-07-09T00:00:00
db:	NVD	id:	CVE-2013-4783	date:	2013-07-08T22:55:01.137