sdo
Moderator
10 years ago
Solved

Mitigating IPMI vulnerability...

N5230 v2.6.1.2.

Q1: I have been informed that the IPMI on our appliances is vulnerable to a supposedly easily exploitable 'cipher zero IPMI attack'. Is it possible to disable the IPMI features and just run it as an https port so that we can still access the useful Java KVM? i.e. is there a method to disable all the IPMI 2.0 related TCP and UDP ports and just leave the IPMI TCP/443/https port open?

Q2: Our pen test also highlighted that the certificate within the https server of the IPMI is using a weak key length. Is it possible to replace the certificate?

Thanks.

  • I believe this is the information you need.

     

    IPMI Cipher Zero

    Article: TECH218518
    Updated: June 19, 2014
    Article URL: http://www.symantec.com/docs/TECH218518
  • I'm guessing that the answer to Q1 is a NO, since it would defeat the intended purpose of IPMI. As for Q2, you'd probably have to convince Veritas to ask their IPMI manufacturer to release a new version of the firmware.

     
