July 13,2017
BMC (Baseboard Management Controller) has vulnerability in IPMI.
BMC Network has vulnerability (TA13-207A) in IPMI.
This vulnerability may make it possible to illegally operate BMC by the outside.
The following products that Management LAN is connected to network correspond.
Executing any of the following workarounds avoids this problem.
Workaround 1
Please cut off Port (PortNo:623) that IPMI Over LAN use, not to be accessed from outside network, by setting Gateway etc.
Workaround 2
It is possible to set a port that uses IPMI Over LAN for invalidity on WebConsole, in some server models. In the case that Management LAN is connected to the network and IPMI over LAN is not used, setting a port for invalidity avoids this problem. About how to change the setting, refer to User's Guide -Remote Management-. About server models that it is possible to change the setting, refer to "Affected products".
Workaround 3
It is possible to avoid this problem by changing the following setting on WebConsole in some
server models.
(a) Set "Security strength" item to "High"
(b) Set "Access to IPMI over LAN 1.5 and null" item to "Prohibited".
But, in the case that (a) is executed, communication except IPMI over LAN may be effected.
About how to change the setting and extent of the impact, refer to User's Guide -Remote Management-. About server models that it is possible to change the setting, refer to "Affected products".
Machine | Model Name | Workaround2 Enable/Disable to change the Setting |
Workaround3 Enable/Disable to change the Setting |
---|---|---|---|
HA8000/RS440xN1 | GUx441xN-xxxxxxx | Disable | Disable |
HA8000/RS440xN | GUx440xN-xxxxxxx | Disable | Disable |
HA8000/RS440xM | GQx440AM-xxxxxxx | Disable | Disable |
HA8000/ RS440xL,xL1,xL2 *1 |
GQx44xxL-xxxxxxx | Disable | Disable |
HA8000/ RS440xK,xK1 *1 |
GQx44xxK-xxxxxxx | Disable | Disable |
HA8000/RS220xN2 | GUx222xN-xxxxxxx | Disable | Disable |
HA8000/RS220xN1 | GUx221xN-xxxxxxx | Disable | Disable |
HA8000/RS220xN | GUx220xN-xxxxxxx | Disable | Disable |
HA8000/ RS220-hxM2 *2 RS220xM2 NS220xM2 RS220-sxM2 NS220-sxM2 |
GQx222xM-xxxxxxx | Enable | Enable |
HA8000/ RS220-hxM,xM1 RS220xM,xM1 NS220xM,xM1 RS220-sxM,xM1 NS220-sxM,xM1 |
GQx221xM-xxxxxxx GQx220xM-xxxxxxx |
Enable | Disable |
HA8000/ RS220xJ,xK,xK1,xL NS220xL HA8000-es/ RS220xJ,xK |
GQx220xL-xxxxxxx GQx22xxK-xxxxxxx GQxR22xJ-xxxxxxx |
Disable | Disable |
HA8000/RS210xN2 | GUx212xN-xxxxxxx | Disable | Disable |
HA8000/RS210xN1 | GUx211xN-xxxxxxx | Disable | Disable |
HA8000/RS210xN | GUx210xN-xxxxxxx | Disable | Disable |
HA8000/ RS210-hxM2 *2 RS210xM2 |
GQx212xM-xxxxxxx | Enable | Enable |
HA8000/ RS210-hxM,xM1 RS210xM,xM1 |
GQx211xM-xxxxxxx GQx210xM-xxxxxxx |
Enable | Disable |
HA8000/ RS210xJ,xK,xK1,xL NS210xL HA8000-es/ RS210xJ,xK |
GQx210xL-xxxxxxx GQx21xxK-xxxxxxx GQxR21xJ-xxxxxxx |
Disable | Disable |
HA8000/RS110xN1 | GUx111xN-xxxxxxx | Disable | Disable |
HA8000/RS110xN | GUx110xN-xxxxxxx | Disable | Disable |
HA8000/RS110-hxM2 | GQx112HM-xxxxxxx GQx112KM-xxxxxxx |
Enable | Enable |
HA8000/ RS110-hxM,xM1 |
GQx111HM-xxxxxxx GQx111KM-xxxxxxx GQx110HM-xxxxxxx GQx110KM-xxxxxxx GQx11xLM-xxxxxxx GQx11xMM-xxxxxxx |
Enable | Disable |
HA8000/ RS110xM,xM1 NS110xM,xM1 |
GQx11xAM-xxxxxxx GQx11xBM-xxxxxxx GQx11xCM-xxxxxxx GQx11xEM-xxxxxxx |
Enable | Disable |
HA8000/ RS110xL,xL1,xL2 NS110xL,xL1,xL2 |
GQx11xxL-xxxxxxx | Disable | Disable |
HA8000/ RS110xJ,xK,xK1 |
GQx11xxK-xxxxxxx GQxR11xJ-xxxxxxx |
Disable | Disable |
HA8000/TS20xN2 | GUxT22xN-xxxxxxx | Disable | Disable |
HA8000/TS20xN | GUxT20xN-xxxxxxx | Disable | Disable |
HA8000/TS20xM2 | GQxT22xM-xxxxxxx | Enable | Enable |
HA8000/ TS20xM,xM1 |
GQxT21xM-xxxxxxx GQxT20xM-xxxxxxx |
Enable | Disable |
HA8000/ TS20xJ,xK,xK1,xL HA8000-es/ TS20xJ |
GQxT20xL-xxxxxxx GQxT2xxK-xxxxxxx GQxT20xJ-xxxxxxx |
Disable | Disable |
HA8000/TS10xN1 | GUxT11xN-xxxxxxx | Disable | Disable |
HA8000/TS10xN | GUxT10xN-xxxxxxx | Disable | Disable |
HA8000/TS10-hxM2 | GQxT12HM-xxxxxxx GQxT12KM-xxxxxxx |
Enable | Enable |
HA8000/ TS10-hxM,xM1 |
GQxT11HM-xxxxxxx GQxT11KM-xxxxxxx GQxT10HM-xxxxxxx GQxT10KM-xxxxxxx GQxT1xJM-xxxxxxx GQxT1xLM-xxxxxxx GQxT1xMM-xxxxxxx |
Enable | Disable |
HA8000/ TS10xM,xM1 NS10xM,xM1 |
GQxT1xAM-xxxxxxx GQxT1xBM-xxxxxxx GQxT1xCM-xxxxxxx GQxT1xEM-xxxxxxx GQxT1xSM-xxxxxxx GQxT1xTM-xxxxxxx |
Enable | Disable |
HA8000/ TS10xL,xL1,xL2 NS10xL,xL1,xL2 |
GQxT1xxL-xxxxxxx | Disable | Disable |
HA8000/ TS10xJ,xK,xK1 |
GQxT1xxK-xxxxxxx GQxT10xJ-xxxxxxx |
Disable | Disable |
HA8000/ SS10xL,xL1,xL2 NS10sxL,xL1,xL2 |
GQxS1xxL-xxxxxxx | Disable | Disable |
"x" is any alphanumeric.
July 13, 2017 : RS440xN1, RS440xN,RS220xN2,RS220xN1,RS210xN2,RS210xN1,TS20xN2,TS20xN,RS110xN1,RS110xN,TS10xN1 and TS10xN are added on the Machine Table.
November 21, 2014 : RS220xN and RS210xN are added on the Machine Table.
September 1, 2014 : This Security Information Page is made newly, sent.