Supermicro will try to use other port if the IPMI is not connected

Supermicro will try to use other port if the IPMI is not connected Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-17-195 Final 1 1 2019-09-17T00:00:00 Current version 2019-09-17T00:00:00 2019-09-17T00:00:00 Some models of FortiAnalyzer and FortiManager have a default setting of "Failover", for remote IPMI access; this means that if no cable is plugged in the IPMI port, the IPMI implementation will request an IP address on the regular LAN port of the device, via DHCP requests.Should such a DHCP request succeed, access to the IPMI web GUI is then possible on the granted IP address, via the regular LAN port of the device.This presents an operational risk, as this default behavior may not be known or understood by administrators of the device; the latter risk is more important if the default IPMI admin passwords have not been changed. Improper access control FortiAnalyzer models:FAZ-400E, FAZ-1000E, FAZ-2000E, FAZ-3000F, FAZ-3500F, FAZ-3700FFortiManager models:FMG-300E, FMG-400E, FMG-2000E, FMG-3000FOther models and Fortinet products are confirmed to not have a default Failover setting. IPMI firmware has been updated to avoid that potential operational risk, and production shipments after July 2017 do not present that risk. For customer using affected models, Fortinet PSIRT suggests checking the IPMI interface settings and making sure the IPMI port option is set to "Dedicated" instead of "Failover". The procedure is detailed in this document entry: https://docs.fortinet.com/document/fortimanager/hardware/disable-the-ipmi-port/ As a measure of precaution, and regardless the product, when an IPMI port is present, we also suggest to not leave the IPMI interface admin password to its default value. The procedure to change it is detailed in this document entry: https://docs.fortinet.com/document/fortimanager/hardware/change-the-ipmi-port-password/ Fortinet is pleased to thank "taNET GmbH", "BOLL Engineering AG" and "CIC Consulting Informatico" for reporting this operational risk under responsible disclosure. Supermicro will try to use other port if the IPMI is not connected 0 https://fortiguard.fortinet.com/psirt/FG-IR-17-195 Supermicro will try to use other port if the IPMI is not connected Reference>