Hitachi

Server and Client Products Vulnerability Information

BMC (Baseboard Management Controller) has vulnerability in IPMI.

Vulnerability description

Symptom

The BMC network interface is affected by the IPMI vulnerability described in TA13-207A.
This vulnerability may allow the BMC to be operated illegitimately from outside.

Conditions

The products listed under "Affected products" are affected when their Management LAN is connected to a network.

Workaround plan

Executing any of the following workarounds avoids this problem.

Workaround 1
Block the port used by IPMI over LAN (port number 623), for example by configuring the gateway, so that it cannot be accessed from outside networks.

Workaround 2
On some server models, the port used by IPMI over LAN can be disabled from WebConsole. If the Management LAN is connected to the network and IPMI over LAN is not used, disabling the port avoids this problem. For how to change the setting, refer to User's Guide -Remote Management-. For the server models on which the setting can be changed, refer to "Affected products".

Workaround 3
On some server models, this problem can be avoided by changing the following settings on WebConsole.
(a) Set the "Security strength" item to "High".
(b) Set the "Access to IPMI over LAN 1.5 and null" item to "Prohibited".
However, if (a) is applied, communication other than IPMI over LAN may be affected. For how to change the settings and the extent of the impact, refer to User's Guide -Remote Management-. For the server models on which the settings can be changed, refer to "Affected products".

Affected products

The following products are affected.
| Machine | Model Name | Workaround 2: Enable/Disable to change the setting | Workaround 3: Enable/Disable to change the setting |
|---|---|---|---|
| HA8000/RS440xN1 | GUx441xN-xxxxxxx | Disable | Disable |
| HA8000/RS440xN | GUx440xN-xxxxxxx | Disable | Disable |
| HA8000/RS440xM | GQx440AM-xxxxxxx | Disable | Disable |
| HA8000/RS440xL,xL1,xL2 *1 | GQx44xxL-xxxxxxx | Disable | Disable |
| HA8000/RS440xK,xK1 *1 | GQx44xxK-xxxxxxx | Disable | Disable |
| HA8000/RS220xN2 | GUx222xN-xxxxxxx | Disable | Disable |
| HA8000/RS220xN1 | GUx221xN-xxxxxxx | Disable | Disable |
| HA8000/RS220xN | GUx220xN-xxxxxxx | Disable | Disable |
| HA8000/RS220-hxM2 *2; RS220xM2; NS220xM2; RS220-sxM2; NS220-sxM2 | GQx222xM-xxxxxxx | Enable | Enable |
| HA8000/RS220-hxM,xM1; RS220xM,xM1; NS220xM,xM1; RS220-sxM,xM1; NS220-sxM,xM1 | GQx221xM-xxxxxxx; GQx220xM-xxxxxxx | Enable | Disable |
| HA8000/RS220xJ,xK,xK1,xL; NS220xL; HA8000-es/RS220xJ,xK | GQx220xL-xxxxxxx; GQx22xxK-xxxxxxx; GQxR22xJ-xxxxxxx | Disable | Disable |
| HA8000/RS210xN2 | GUx212xN-xxxxxxx | Disable | Disable |
| HA8000/RS210xN1 | GUx211xN-xxxxxxx | Disable | Disable |
| HA8000/RS210xN | GUx210xN-xxxxxxx | Disable | Disable |
| HA8000/RS210-hxM2 *2; RS210xM2 | GQx212xM-xxxxxxx | Enable | Enable |
| HA8000/RS210-hxM,xM1; RS210xM,xM1 | GQx211xM-xxxxxxx; GQx210xM-xxxxxxx | Enable | Disable |
| HA8000/RS210xJ,xK,xK1,xL; NS210xL; HA8000-es/RS210xJ,xK | GQx210xL-xxxxxxx; GQx21xxK-xxxxxxx; GQxR21xJ-xxxxxxx | Disable | Disable |
| HA8000/RS110xN1 | GUx111xN-xxxxxxx | Disable | Disable |
| HA8000/RS110xN | GUx110xN-xxxxxxx | Disable | Disable |
| HA8000/RS110-hxM2 | GQx112HM-xxxxxxx; GQx112KM-xxxxxxx | Enable | Enable |
| HA8000/RS110-hxM,xM1 | GQx111HM-xxxxxxx; GQx111KM-xxxxxxx; GQx110HM-xxxxxxx; GQx110KM-xxxxxxx; GQx11xLM-xxxxxxx; GQx11xMM-xxxxxxx | Enable | Disable |
| HA8000/RS110xM,xM1; NS110xM,xM1 | GQx11xAM-xxxxxxx; GQx11xBM-xxxxxxx; GQx11xCM-xxxxxxx; GQx11xEM-xxxxxxx | Enable | Disable |
| HA8000/RS110xL,xL1,xL2; NS110xL,xL1,xL2 | GQx11xxL-xxxxxxx | Disable | Disable |
| HA8000/RS110xJ,xK,xK1 | GQx11xxK-xxxxxxx; GQxR11xJ-xxxxxxx | Disable | Disable |
| HA8000/TS20xN2 | GUxT22xN-xxxxxxx | Disable | Disable |
| HA8000/TS20xN | GUxT20xN-xxxxxxx | Disable | Disable |
| HA8000/TS20xM2 | GQxT22xM-xxxxxxx | Enable | Enable |
| HA8000/TS20xM,xM1 | GQxT21xM-xxxxxxx; GQxT20xM-xxxxxxx | Enable | Disable |
| HA8000/TS20xJ,xK,xK1,xL; HA8000-es/TS20xJ | GQxT20xL-xxxxxxx; GQxT2xxK-xxxxxxx; GQxT20xJ-xxxxxxx | Disable | Disable |
| HA8000/TS10xN1 | GUxT11xN-xxxxxxx | Disable | Disable |
| HA8000/TS10xN | GUxT10xN-xxxxxxx | Disable | Disable |
| HA8000/TS10-hxM2 | GQxT12HM-xxxxxxx; GQxT12KM-xxxxxxx | Enable | Enable |
| HA8000/TS10-hxM,xM1 | GQxT11HM-xxxxxxx; GQxT11KM-xxxxxxx; GQxT10HM-xxxxxxx; GQxT10KM-xxxxxxx; GQxT1xJM-xxxxxxx; GQxT1xLM-xxxxxxx; GQxT1xMM-xxxxxxx | Enable | Disable |
| HA8000/TS10xM,xM1; NS10xM,xM1 | GQxT1xAM-xxxxxxx; GQxT1xBM-xxxxxxx; GQxT1xCM-xxxxxxx; GQxT1xEM-xxxxxxx; GQxT1xSM-xxxxxxx; GQxT1xTM-xxxxxxx | Enable | Disable |
| HA8000/TS10xL,xL1,xL2; NS10xL,xL1,xL2 | GQxT1xxL-xxxxxxx | Disable | Disable |
| HA8000/TS10xJ,xK,xK1 | GQxT1xxK-xxxxxxx; GQxT10xJ-xxxxxxx | Disable | Disable |
| HA8000/SS10xL,xL1,xL2; NS10sxL,xL1,xL2 | GQxS1xxL-xxxxxxx | Disable | Disable |

"x" is any alphanumeric character.

*1 IPMI over LAN uses Network Interface Connector 1 or the RMM Board.
*2 If the BMC FW version is "03.06", workaround 3 does not avoid this problem. To avoid this problem with workaround 3, the BMC FW must be updated to version "03.21" or later.
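
The following Python is an added example, not Hitachi code: it matches inventory model names against the table's "x" wildcard patterns and reports which workarounds a unit can use, including the *2 firmware condition. Only six table rows are transcribed; the function names and sample model names are constructed, and applying *2 to the whole row and treating any firmware below "03.21" as unsuitable are conservative assumptions.

```python
import re

# Subset of the "Affected products" rows, transcribed from this page:
# (model-name pattern, workaround 2 settable, workaround 3 settable, row carries *2)
ROWS = [
    ("GUx441xN-xxxxxxx", False, False, False),
    ("GQx222xM-xxxxxxx", True,  True,  True),
    ("GQx221xM-xxxxxxx", True,  False, False),
    ("GQx212xM-xxxxxxx", True,  True,  True),
    ("GQxT22xM-xxxxxxx", True,  True,  False),
    ("GQxT1xxL-xxxxxxx", False, False, False),
]
MIN_FW_FOR_W3 = (3, 21)  # footnote *2: workaround 3 needs BMC FW "03.21" or later


def to_regex(pattern):
    """Lowercase "x" in the table is any alphanumeric; everything else is literal."""
    body = "".join("[0-9A-Za-z]" if ch == "x" else re.escape(ch) for ch in pattern)
    return re.compile(body + r"\Z")


COMPILED = [(to_regex(p), w2, w3, fn2) for p, w2, w3, fn2 in ROWS]


def fw_tuple(version):
    """Turn a version string such as "03.06" into (3, 6) for comparison."""
    return tuple(int(part) for part in version.strip().split("."))


def triage(model, bmc_fw=None, ipmi_lan_used=True):
    """Return the usable workaround numbers, or None if the model is not transcribed."""
    for regex, w2, w3, fn2 in COMPILED:
        if not regex.match(model):
            continue
        usable = [1]  # workaround 1 (filter port 623) is applied outside the BMC
        # Workaround 2 disables the port, so it only fits when IPMI over LAN is unused.
        if w2 and not ipmi_lan_used:
            usable.append(2)
        # Footnote *2 is applied to the whole row here (conservative assumption);
        # an unknown firmware version is treated as too old.
        fw_ok = not fn2 or (bmc_fw is not None and fw_tuple(bmc_fw) >= MIN_FW_FOR_W3)
        if w3 and fw_ok:
            usable.append(3)
        return usable
    return None


# Constructed inventory entries (model name, BMC FW version), not real units.
INVENTORY = [("GQA222BM-0000001", "03.06"), ("GQA222BM-0000002", "03.21"),
             ("GUB441CN-0000003", None), ("ZZ0000ZZ-0000004", None)]
REPORT = {model: triage(model, fw) for model, fw in INVENTORY}
```

A `None` result means the model name matched none of the transcribed rows, so check it against the full table before treating the unit as unaffected.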

Revision history

July 13, 2017: RS440xN1, RS440xN, RS220xN2, RS220xN1, RS210xN2, RS210xN1, TS20xN2, TS20xN, RS110xN1, RS110xN, TS10xN1 and TS10xN were added to the machine table.

November 21, 2014: RS220xN and RS210xN were added to the machine table.

September 1, 2014: This security information page was newly created and published.

  • Hitachi, Ltd. (hereinafter referred to as "Hitachi") tries to provide accurate information about security countermeasures. However, since information about security problems constantly changes, the contents of these Web pages are subject to change without prior notice. When referencing information, please confirm that you are referencing the latest information.
  • The Web pages include information about products that are developed by non-Hitachi software developers. Vulnerability information about those products is based on the information provided or disclosed by those developers. Although Hitachi is careful about the accuracy and completeness of this information, the contents of the Web pages may change depending on the changes made by the developers.
  • The Web pages are intended to provide vulnerability information only, and Hitachi shall not have any legal responsibility for the information contained in them. Hitachi shall not be liable for any consequences arising out of or in connection with the security countermeasures or other actions that you will take or have taken (or not taken) by yourself.
  • The links to other web sites are valid at the time of the release of the page. Although Hitachi makes an effort to maintain the links, Hitachi cannot guarantee their permanent availability.