Back

CVE-2024-3411

April 30, 2024, 7:35 p.m.

Awaiting Analysis
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

Products

IPMI

Source

cret@cert.org

Tags

CVE-2024-3411 details

Published : April 30, 2024, 7:15 p.m.
Last Modified : April 30, 2024, 7:35 p.m.

Description

Implementations of IPMI Authenticated sessions does not provide enough randomness to protect from session hijacking, allowing an attacker to use either predictable IPMI Session ID or weak BMC Random Number to bypass security controls using spoofed IPMI packets to manage BMC device.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

References

URL Source
https://kb.cert.org/vuls/id/163057 cret@cert.org
https://www.intel.la/content/dam/www/public/us/en/documents/specification-updates/ipmi-intelligent-platform-mgt-interface-spec-2nd-gen-v2-0-spec-update.pdf cret@cert.org
https://www.kb.cert.org/vuls/id/163057 cret@cert.org
This website uses the NVD API, but is not approved or certified by it.