Vulnerability Description
Apple Xserve Lights-Out Management before Firmware Update 1.0 on Intel hardware does not require a password for remote access to IPMI, which allows remote attackers to gain administrative access via unspecified requests with ipmitool.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | Xserve Lights-Out Management | firmware_0 |
References
- http://docs.info.apple.com/article.html?artnum=305571Patch
- http://lists.apple.com/archives/security-announce/2007/May/msg00006.htmlPatch
- http://osvdb.org/36128
- http://secunia.com/advisories/25499PatchVendor Advisory
- http://www.apple.com/support/downloads/xservelightsoutmanagementfirmwareupdate10
- http://www.securityfocus.com/bid/24257Patch
- http://www.securitytracker.com/id?1018181
- http://www.vupen.com/english/advisories/2007/2014
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34651
- http://docs.info.apple.com/article.html?artnum=305571Patch
- http://lists.apple.com/archives/security-announce/2007/May/msg00006.htmlPatch
- http://osvdb.org/36128
- http://secunia.com/advisories/25499PatchVendor Advisory
- http://www.apple.com/support/downloads/xservelightsoutmanagementfirmwareupdate10
- http://www.securityfocus.com/bid/24257Patch
FAQ
What is CVE-2007-2387?
CVE-2007-2387 is a vulnerability with a CVSS score of 10.0 (HIGH). Apple Xserve Lights-Out Management before Firmware Update 1.0 on Intel hardware does not require a password for remote access to IPMI, which allows remote attackers to gain administrative access via u...
How severe is CVE-2007-2387?
CVE-2007-2387 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2387?
Check the references section above for vendor advisories and patch information. Affected products include: Apple Xserve Lights-Out Management.