{"vuid":"VU#712660","idnumber":"712660","name":"Raritian PX power distribution software is vulnerable to the cipher zero attack.","keywords":["raritian","px","power","ipmi","zero","cipher"],"overview":"Raritan PX power distribution software version 01.05.08 and previous running on a model DPXR20A-16 device allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.","clean_desc":"CWE-287: Improper Authentication - CVE-2014-2955\nRaritan PX power distribution software version 01.05.08 and previous running on a model DPXR20A-16 device allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. Other product models and software versions may also be affected.","impact":"A remote unauthenticated attacker may be able to login and administer the device with full permissions of the compromised account.","resolution":"Apply an Update\nRaritan has provided a limited availability release, version 1.5.11. Raritan advises users to contact their sales or technical support for more details on how to obtain the release.","workarounds":"Restrict Access\nAppropriate firewall rules and VLAN segmentation should be implemented so the management interface is not accessible from the general network.","sysaffected":"","thanks":"Thanks to Joerg Kost for reporting this vulnerability.","author":"This document was written by Chris King.","public":["http://productselector.appspot.com/showimage?fName=DPXR20A-16_spec.pdf&mName=DPXR20A-16&Type=pdf","http://fish2.com/ipmi/cipherzero.html","http://seclists.org/fulldisclosure/2014/Jul/14"],"cveids":["CVE-2014-2955"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2014-02-17T19:49:56Z","publicdate":"2014-07-10T00:00:00Z","datefirstpublished":"2014-07-10T19:00:06Z","dateupdated":"2014-07-10T19:00:08Z","revision":21,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"TF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"LM","cvss_targetdistribution":"M","cvss_securityrequirementscr":"H","cvss_securityrequirementsir":"H","cvss_securityrequirementsar":"H","cvss_basescore":"10","cvss_basevector":"AV:N/AC:L/Au:N/C:C/I:C/A:C","cvss_temporalscore":"9","cvss_environmentalscore":"6.9723987552","cvss_environmentalvector":"CDP:LM/TD:M/CR:H/IR:H/AR:H","metric":0.0,"vulnote":null}