Risks of Using the Intelligent Platform Management Interface (IPMI)

  • CERT Admin
  • Tue Oct 27 2020
  • Alerts

Systems Affected

  • HP Integrated Lights-Out
  • Dell DRAC
  • IBM Remote Supervisor Adapter


Overview

Attackers can easily identify and access systems that run IPMI and are connected to the Internet. It is important to restrict IPMI access to specific management IP addresses within an organization, preferably on a separate LAN segment.


Description

IPMI is a low-level interface specification that has been adopted by many hardware vendors. It allows a system administrator to remotely manage servers at the hardware level. IPMI runs on the Baseboard Management Controller (BMC) and provides access to the BIOS, disks, and other hardware. It also supports remote booting from a CD or through the network, and monitoring of the server environment. The BMC itself also runs a limited set of network services to facilitate management and communications amongst systems.


Impact

An attacker with knowledge of IPMI can search for, and find, open management interfaces. Many of these interfaces use default passwords, no passwords, or weak encryption. Further consequences depend on the type and use of the compromised system. At the very least, an attacker can compromise confidentiality, integrity, and availability of the server after gaining access to the BMC.


Solution/Workarounds

  • Restrict IPMI to Internal Networks

Restrict IPMI traffic to trusted internal networks. Traffic from IPMI (usually UDP port 623) should be restricted to a management VLAN segment with strong network controls.  Scan for IPMI usage outside of the trusted network and monitor the trusted network for abnormal activity.


  • Utilize Strong Passwords

Devices running IPMI should have strong, unique passwords set for the IPMI service.  See US-CERT Security Tip ST04-002 and Password Security, Protection, and Management for more information on password security.

  • Encrypt Traffic

Enable encryption on IPMI interfaces, if possible.  Check your manufacturer manual for details on how to set up encryption.

  • Require Authentication

"Cipher 0" is an option enabled by default on many IPMI enabled devices that allows authentication to be bypassed.  Disable "cipher 0" to prevent attackers from bypassing authentication and sending arbitrary IPMI commands.  Anonymous logins should also be disabled.

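The following is an added example, not part of the original alert: a check for the "Restrict IPMI to Internal Networks" item that flags UDP/623 flows coming from unapproved sources or going to destinations outside the management VLAN. The subnet, the approved admin host addresses and the CSV flow format are assumptions, and the flow records are constructed.

```python
import csv
import io
import ipaddress

IPMI_PORT = 623  # IPMI-over-LAN port named in the alert (UDP)

# Assumed values for illustration: management VLAN and approved admin hosts.
MGMT_VLAN = ipaddress.ip_network("10.20.0.0/24")
ALLOWED_ADMIN_HOSTS = {ipaddress.ip_address(a) for a in ("10.20.0.10", "10.20.0.11")}

# Constructed flow records in an assumed format: timestamp,src,dst,proto,dport
SAMPLE_FLOWS = """\
2020-10-27T09:00:01Z,10.20.0.10,10.20.0.51,udp,623
2020-10-27T09:00:07Z,10.30.4.77,10.20.0.51,udp,623
2020-10-27T09:01:12Z,10.20.0.10,10.40.1.9,udp,623
2020-10-27T09:02:30Z,198.51.100.23,10.20.0.52,udp,623
2020-10-27T09:03:00Z,10.30.4.77,10.20.0.51,tcp,443
2020-10-27T09:03:40Z,10.20.0.99,10.20.0.52,udp,623
"""


def audit_ipmi_flows(flow_csv):
    """Return (timestamp, src, dst, reason) for each IPMI flow that breaks policy."""
    findings = []
    for row in csv.reader(io.StringIO(flow_csv)):
        if len(row) != 5:
            continue  # skip blank or malformed records
        ts, src, dst, proto, dport = row
        if proto.lower() != "udp" or int(dport) != IPMI_PORT:
            continue  # not IPMI-over-LAN traffic
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if dst_ip not in MGMT_VLAN:
            findings.append((ts, src, dst, "IPMI destination outside management VLAN"))
        if src_ip not in ALLOWED_ADMIN_HOSTS:
            scope = "inside" if src_ip in MGMT_VLAN else "outside"
            findings.append((ts, src, dst, f"unapproved source {scope} management VLAN"))
    return findings


if __name__ == "__main__":
    for finding in audit_ipmi_flows(SAMPLE_FLOWS):
        print(*finding, sep="  ")
```

A source inside the management VLAN that is not an approved admin host is reported separately, since it points at lateral movement within the trusted segment rather than a filtering gap.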

References

https://www.us-cert.gov/ncas/alerts/TA13-207A


Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.


Last updated: Wed Oct 28 2020