← back
CVE-2013-4786observed exploitation

CVE-2013-4786

84Vexday Risk Score

Patch now. It exploitation observed by VulnCheck and has a working public exploit.

ssvc Actepss 82%
from disclosure to weapon0 days
Published on NVDJul 8
1st PoCJul 2
metasploitJun 20
VulnCheck+3508d
exploitation probability
82%top 1% of all CVEs
observed exploitation
yesVulnCheck
4 public exploit(s)
The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.