https://community.cisco.com/t5/cisco-catalyst-center/ipmi-v2-0-password-hash-disclosure-vulnerability/m-p/5067386#M8945 <P>We had a IT sec scan and came across a vulnerability with IPMI v2.0 with no fix. I assume this has to do with the CIMC, but is there a way to disabled IPMI? I see ways to possibly disable or limit on other platforms:</P><P><A href="https://sec.cloudapps.cisco.com/security/center/resources/ipmi_vulnerabilities.html" target="_blank" rel="noopener">https://sec.cloudapps.cisco.com/security/center/resources/ipmi_vulnerabilities.html</A></P><P>It found this on UDP / 623.&nbsp;</P><UL><LI>Synopsis</LI></UL><P>The remote host supports IPMI version 2.0.</P><UL><LI>Description</LI></UL><P>The remote host supports IPMI v2.0. The Intelligent Platform Management Interface (IPMI) protocol is affected by an information disclosure vulnerability due to the support of RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication. A remote attacker can obtain password hash information for valid user accounts via the HMAC from a RAKP message 2 response from a BMC.</P><UL><LI>Steps to Remediate</LI></UL><P>There is no patch for this vulnerability; it is an inherent problem with the specification for IPMI v2.0. Suggested mitigations include :</P><P>- Disabling IPMI over LAN if it is not needed.</P><P>- Using strong passwords to limit the successfulness of off-line dictionary attacks.</P><P>- Using Access Control Lists (ACLs) or isolated networks to limit access to your IPMI management interfaces.</P> Fri, 12 Apr 2024 15:27:18 GMT frederick.mercado 2024-04-12T15:27:18Z https://community.cisco.com/t5/cisco-catalyst-center/ipmi-v2-0-password-hash-disclosure-vulnerability/m-p/5067386#M8945 <P>We had a IT sec scan and came across a vulnerability with IPMI v2.0 with no fix. I assume this has to do with the CIMC, but is there a way to disabled IPMI? I see ways to possibly disable or limit on other platforms:</P><P><A href="https://sec.cloudapps.cisco.com/security/center/resources/ipmi_vulnerabilities.html" target="_blank" rel="noopener">https://sec.cloudapps.cisco.com/security/center/resources/ipmi_vulnerabilities.html</A></P><P>It found this on UDP / 623.&nbsp;</P><UL><LI>Synopsis</LI></UL><P>The remote host supports IPMI version 2.0.</P><UL><LI>Description</LI></UL><P>The remote host supports IPMI v2.0. The Intelligent Platform Management Interface (IPMI) protocol is affected by an information disclosure vulnerability due to the support of RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication. A remote attacker can obtain password hash information for valid user accounts via the HMAC from a RAKP message 2 response from a BMC.</P><UL><LI>Steps to Remediate</LI></UL><P>There is no patch for this vulnerability; it is an inherent problem with the specification for IPMI v2.0. Suggested mitigations include :</P><P>- Disabling IPMI over LAN if it is not needed.</P><P>- Using strong passwords to limit the successfulness of off-line dictionary attacks.</P><P>- Using Access Control Lists (ACLs) or isolated networks to limit access to your IPMI management interfaces.</P> Fri, 12 Apr 2024 15:27:18 GMT https://community.cisco.com/t5/cisco-catalyst-center/ipmi-v2-0-password-hash-disclosure-vulnerability/m-p/5067386#M8945 frederick.mercado 2024-04-12T15:27:18Z