CVE-2024-3411
April 30, 2024, 7:35 p.m.
Tags
Product(s) Impacted
IPMI
Description
Implementations of IPMI Authenticated sessions does not provide enough randomness to protect from session hijacking, allowing an attacker to use either predictable IPMI Session ID or weak BMC Random Number to bypass security controls using spoofed IPMI packets to manage BMC device.
Weaknesses
Date
Published: April 30, 2024, 7:15 p.m.
Last Modified: April 30, 2024, 7:35 p.m.
Status : Awaiting Analysis
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
More infoSource
cret@cert.org
References
https://kb.cert.org/
cret@cert.org
https://www.intel.la/
cret@cert.org
https://www.kb.cert.org/
cret@cert.org