CVE-2014-2955

Published: Jul 14, 2014Modified: May 6, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Raritan PX before 1.5.11 on DPXR20A-16 devices allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.

Affected (16)

Products: Raritan: Px, Dpxr20a 16

Raritan

2 products

Dpxr20a 16

Configuration A

16 vulnerable

Vulnerable Software	Affected Versions
Raritan Px	Up to 1.5.8
Raritan Px	Version 1.0.4
Raritan Px	Version 1.0
Raritan Px	Version 1.1.6
Raritan Px	Version 1.1
Raritan Px	Version 1.2.5
Raritan Px	Version 1.2.7
Raritan Px	Version 1.2
Raritan Px	Version 1.3.1
Raritan Px	Version 1.3.5
Raritan Px	Version 1.3
Raritan Px	Version 1.4.1
Raritan Px	Version 1.5.4
Raritan Px	Version 1.5.7
Raritan Px	Version 1.5
Raritan Dpxr20a 16	All versions

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

http://seclists.org/fulldisclosure/2014/Jul/14

Source: cret@cert.org

http://www.kb.cert.org/vuls/id/712660

Source: cret@cert.org

Third Party AdvisoryUS Government Resource

http://seclists.org/fulldisclosure/2014/Jul/14

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/712660

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.