CVE-2013-4037

Severity: Unknown
EPSS: 0.95%

CVE-2013-4037 is a vulnerability of currently unknown severity. The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack. EPSS estimates a 0.95% chance of exploitation in the next 30 days.

Description

The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack.

Metrics

EPSS Probability: 0.95% (56.8th percentile)

Probability of exploitation in the next 30 days.

Affected Software

Vendor  Product                             Versions
IBM     Bladecenter                         hs22
IBM     Bladecenter                         hs22v
IBM     Bladecenter                         hs23
IBM     Bladecenter                         hs23e
IBM     Bladecenter                         hx5
IBM     Flex System X220 Compute Node       All versions
IBM     Flex System X240 Compute Node       All versions
IBM     Flex System X440 Compute Node       All versions
IBM     System X Idataplex Dx360 M2 Server  All versions
IBM     System X Idataplex Dx360 M3 Server  All versions
IBM     System X Idataplex Dx360 M4 Server  All versions
IBM     System X3100 M4                     All versions
IBM     System X3200 M3                     All versions
IBM     System X3250 M3                     All versions
IBM     System X3250 M4                     All versions
IBM     System X3400 M2                     All versions
IBM     System X3400 M3                     All versions
IBM     System X3500 M2                     All versions
IBM     System X3500 M3                     All versions
IBM     System X3500 M4                     All versions
IBM     System X3530 M4                     All versions
IBM     System X3550 M2                     All versions
IBM     System X3550 M3                     All versions
IBM     System X3550 M4                     All versions
IBM     System X3620 M3                     All versions
IBM     System X3630 M3                     All versions
IBM     System X3630 M4                     All versions
IBM     System X3650 M2                     All versions
IBM     System X3650 M3                     All versions
IBM     System X3650 M4                     All versions
IBM     System X3690 X5                     All versions
IBM     System X3750 M4                     All versions
IBM     System X3850 X5                     All versions
IBM     System X3950 X5                     All versions

References

Timeline

Status: Modified

Frequently Asked Questions

What is CVE-2013-4037?
The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers sends a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack.
How severe is CVE-2013-4037?
Severity scoring for CVE-2013-4037 is pending analysis. The EPSS model estimates a 0.95% probability of exploitation in the next 30 days.
How do I fix CVE-2013-4037?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST