Technology News

latest updates from easySERVICE™

Vulnerabilities in IPMI Standard For Disaster-Recovery

Stellar Phoenix Solutions


Recently, US-CERT released a security advisory that explains the risks inherent with exposing Intelligent Platform Management Interface (IPMI) interfaces to unsecured networks. IPMI is an API standard maintained by Intel that describes a platform-independent method of interacting with the BMCs on servers. This advisory followed the release of numerous vulnerabilities in the IPMI 1.5 and 2.0 standards discovered by independent security consultant Dan Farmer while working on a DARPA grant.

Effectively, the vulnerabilities Farmer discovered allow unfettered access to the most basic functions of any server with an exposed and unpatched IPMI interface. Given that more than 200 server manufacturers have adopted Intel’s standard (Hewlett-Packard, Dell, SuperMicro, IBM, you name it) and implemented it in their own BMCs, chances are your data center is full of enabled and accessible IPMI devices. Effectively, a hacker with full access to an IPMI interface might as well be physically sitting…

View original post 376 more words

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


This entry was posted on April 9, 2014 by in Uncategorized.
%d bloggers like this: