
Mitigating IPMI vulnerability...

sdo
Moderator
Partner    VIP    Certified

N5230 v2.6.1.2.

Q1: I have been informed that the IPMI on our appliances is vulnerable to a supposedly easily exploitable 'cipher zero IPMI attack'. Is it possible to disable the IPMI features and just run it as an https port so that we can still access the useful Java KVM? i.e. is there a method to disable all the IPMI 2.0 related TCP and UDP ports and just leave the IPMI TCP/443/https port open?

Q2: Our pen test also highlighted that the certificate within the https server of the IPMI is using a weak key length. Is it possible to replace the certificate?

Thanks.

1 ACCEPTED SOLUTION

mnolan
Level 6
Employee Accredited Certified

I believe this is the information you need.

 

IPMI Cipher Zero

Article: TECH218518
Updated: June 19, 2014
Article URL: http://www.symantec.com/docs/TECH218518


3 REPLIES

D_Flood
Level 6

I'm guessing that the answer to Q1 is a NO since it would defeat the intended purpose of IPMI. As for Q2, you'd probably have to convince Veritas to ask their IPMI manufacturer to release a new version of the firmware.

 

sdo
Moderator
Partner    VIP    Certified

Thank you.