search menu icon-carat-right cmu-wordmark

CERT Coordination Center


Raritian PX power distribution software is vulnerable to the cipher zero attack.

Vulnerability Note VU#712660

Original Release Date: 2014-07-10 | Last Revised: 2014-07-10

Overview

Raritan PX power distribution software version 01.05.08 and previous running on a model DPXR20A-16 device allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.

Description

CWE-287: Improper Authentication - CVE-2014-2955

Raritan PX power distribution software version 01.05.08 and previous running on a model DPXR20A-16 device allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. Other product models and software versions may also be affected.

Impact

A remote unauthenticated attacker may be able to login and administer the device with full permissions of the compromised account.

Solution

Apply an Update
Raritan has provided a limited availability release, version 1.5.11. Raritan advises users to contact their sales or technical support for more details on how to obtain the release.

Restrict Access

Appropriate firewall rules and VLAN segmentation should be implemented so the management interface is not accessible from the general network.

Vendor Information

712660
Expand all

Raritan Inc

Notified:  May 19, 2014 Updated:  July 10, 2014

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


CVSS Metrics

Group Score Vector
Base 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal 9.0 E:H/RL:TF/RC:C
Environmental 7 CDP:LM/TD:M/CR:H/IR:H/AR:H

References

Credit

Thanks to Joerg Kost for reporting this vulnerability.

This document was written by Chris King.

Other Information

CVE IDs: CVE-2014-2955
Date Public: 2014-07-10
Date First Published: 2014-07-10
Date Last Updated: 2014-07-10 19:00 UTC
Document Revision: 20

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.