06-16-2015 05:22 AM
N5230 v2.6.1.2.
Q1: I have been informed that the IPMI on our appliances is vulnerable to a supposedly easily exploitable 'cipher zero IPMI attack'. Is it possible to disable the IPMI features and just run it as an https port so that we can still access the useful Java KVM? i.e. is there a method to disable all the IPMI 2.0 related TCP and UDP ports and just leave the IPMI TCP/443/https port open?
Q2: Our pen test also highlighted that the certificate within the https server of the IPMI is using a weak key length. Is it possible to replace the certificate?
Thanks.
06-17-2015 01:55 PM
I believe this is the information you need.
IPMI Cipher Zero
06-17-2015 12:25 PM
I'm guessing that the answer to Q1 is a NO since it would defeat the intended purpose of IPMI. As for Q2 you'd probably have to convince Veritas to ask their IPMI manufacturer to release a new version of the firmware.
06-18-2015 12:59 AM
Thank you.