On Wed, Dec 24, 2025, 02:59 Saku Ytti via NANOG .
>
> Personally, I don't care about BMC security, it's not important.
> People are asking it to be CLI only, it was, so was CMP, BMC and CMP
> were what we wanted, we just didn't bother figuring it out.
>
I mean it's not like a serious flaw was ever found[0] on the thing that grants access to "ring -4" and above. I'm sure those security guys are just giving you a hard time for funzies, those scoundrels!

[0]
a. http://fish2.com/ipmi/cipherzero.html
   https://nvd.nist.gov/vuln/detail/CVE-2013-4782
   https://nvd.nist.gov/vuln/detail/CVE-2013-4783
   https://nvd.nist.gov/vuln/detail/CVE-2013-4784
   https://nvd.nist.gov/vuln/detail/CVE-2014-2955
b. https://eclypsium.com/blog/virtual-media-vulnerability-in-bmc-opens-servers-to-remote-attack/
c. https://nvd.nist.gov/vuln/detail/cve-2019-6260

>
_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/[email protected]/message/HIGUKUNZPX65ZHASE34FFXJHZQYQLL73/
