Bypassing Authentication and Executing Arbitrary IPMI Commands in HP Integrated Lights-Out (iLO) BMC Implementation

Bypassing Authentication and Executing Arbitrary IPMI Commands in HP Integrated Lights-Out (iLO) BMC Implementation

CVE-2013-4784 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

The HP Integrated Lights-Out (iLO) BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.

Learn more about our Web Application Penetration Testing UK.