A Qualys scan reported the following vulnerability on all the iLOs of the ProLiant DL360p servers we are using. The vulnerability is "IPMI 2.0 RAKP Authentication Remote Password Hash Retrieval Vulnerability", with CVE IDs CVE-2013-4786 and CVE-2013-4037. Can someone please help me with a fix for this issue? Can anyone also please explain what the importance of IPMI being enabled/disabled on iLO is?
Viewed 2,604 times
2 Answers
IPMI is an out-of-band management technology. It is used to access the server remotely without having an OS installed, or even when the server is powered off but still plugged in to power. Via IPMI you have access to power the server on and off, to hardware sensors, to the serial console and to KVM over IP. You can, for example, configure the BIOS and install an OS remotely.
That attack means that someone who has access to your network can obtain the password hashes used by IPMI authentication and run a dictionary attack to find the passwords.
You should upgrade the firmware for iLO.

Mircea Vutcovici
- We updated the iLO firmware on G8 and G9 servers, but it still reported the vulnerability. – shashi Oct 09 '15 at 07:17
- You can either disable IPMI and lose remote access to the console, or you can put the IPMI interface in a separate VLAN that is secured by a firewall, with access provided via a VPN server or a secure jump-point server. – Mircea Vutcovici Oct 09 '15 at 07:21
- You should also contact HP; maybe they can help in securing the IPMI service. – Mircea Vutcovici Oct 09 '15 at 07:22
- Yeah!! I had a chat with HPE support. They suggested informing the HPE technical and security support team. But as usual they won't give a solution in time; instead they will ask to update iLO/drivers and many other things... So I thought of going to forums so that someone who has had the same issue can help us. – shashi Oct 09 '15 at 09:17
- I do not know how it is for HP, but for other servers you need to reboot the out-of-band management system. iLO is actually another small computer located on the server motherboard. – Mircea Vutcovici Oct 09 '15 at 11:19
- We are planning an iLO firmware and driver update. Probably it may fix it; if not, we need to check it again. – shashi Oct 12 '15 at 05:18
- Rebooting the server will not reboot the iLO. You need to find the reboot option in the iLO interface. Also, rebooting the iLO has no impact on the main server. Think of iLO like another computer inside the same case. It has its own OS and a different HW platform than your server. – Mircea Vutcovici Oct 12 '15 at 05:45