Vulnerability Description
Implementations of IPMI Authenticated sessions does not provide enough randomness to protect from session hijacking, allowing an attacker to use either predictable IPMI Session ID or weak BMC Random Number to bypass security controls using spoofed IPMI packets to manage BMC device.
CVSS Score
CRITICAL
Related Weaknesses (CWE)
References
- https://kb.cert.org/vuls/id/163057
- https://www.dell.com/support/kbdoc/en-US/000226504/dsa-2024-295-security-update-
- https://www.intel.la/content/dam/www/public/us/en/documents/specification-update
- https://kb.cert.org/vuls/id/163057
- https://www.dell.com/support/kbdoc/en-US/000226504/dsa-2024-295-security-update-
- https://www.intel.la/content/dam/www/public/us/en/documents/specification-update
- https://www.kb.cert.org/vuls/id/163057
FAQ
What is CVE-2024-3411?
CVE-2024-3411 is a vulnerability with a CVSS score of 9.1 (CRITICAL). Implementations of IPMI Authenticated sessions does not provide enough randomness to protect from session hijacking, allowing an attacker to use either predictable IPMI Session ID or weak BMC Random N...
How severe is CVE-2024-3411?
CVE-2024-3411 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-3411?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.