Greenbone Security Advisory 2015-01: Baseboard control via BMC factory settings
Security Advisory
Greenbone Networks GmbH
Neuer Graben 17
49084 Osnabrück
Germany
www.greenbone.net
Security Team
GBSA2015-01
Final
1
1
2015-09-24T00:00:00+00:00
Problem identified by Greenbone staff (2015-09-22), solved (2015-09-23), solution published as new Patch Level release for GOS 3.1 and GOS 3.0 (2015-09-23).
2015-09-24T00:00:00+00:00
2015-09-24T00:00:00+00:00
http://www.greenbone.net/technology/gbsa2015-01.html
GBSA2015-01: Baseboard control via BMC factory settings
Greenbone OS 3.1.1
Greenbone OS 3.1.17
Greenbone OS 3.1.18
Greenbone OS 3.0.1
Greenbone OS 3.0.36
Greenbone OS 3.0.37
The models GSM 600 and GSM 650 have a factory-settings of the BMC (Baseboard Management Controller) which were not pre-configured at time of shipping.
It is possible to use a pre-configured account to access the hardware administration via network. Apart from reading the hardware profile, it is also possible to shut down or reboot the device.
Resolution made available with Greenbone OS 3.1.18 and Greenbone OS 3.0.37 on 2015-09-24.
GOS 3.1.1
GOS 3.1.17
GOS 3.1.18
GOS 3.0.1
GOS 3.0.28
GOS 3.0.37
6.7
AV:A/AC:L/Au:S/C:P/I:P/A:C
Re-configure BMC manually regarding network channel and user accounts.
Upgrade at least to Greenbone OS 3.0.37 or Greenbone OS 3.1.18.
GOS 3.1.18
GOS 3.0.37