Lucene search

F5F5:K000133512

HistoryApr 14, 2023 - 12:00 a.m.

K000133512 : Intel platform vulnerabilities (INTEL-SA-00737) CVE-2021-39295, CVE-2021-39296, CVE-2022-29493, CVE-2022-29494, and CVE-2022-35729

2023-04-1400:00:00

my.f5.com

intel platform

denial of service

authorization bypass

uncaught exception

input validation

firmware

out of bounds

AI Score

7.2

Confidence

Low

EPSS

0.004

Percentile

75.1%

JSON

Security Advisory Description

CVE-2021-39295

In OpenBMC 2.9, crafted IPMI messages allow an attacker to cause a denial of service to the BMC via the netipmid (IPMI lan+) interface.

CVE-2021-39296

In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass authentication and gain full control of the system.

CVE-2022-29493

Uncaught exception in webserver for the Integrated BMC in some Intel® platforms before versions 2.86, 2.09 and 2.78 may allow a privileged user to potentially enable denial of service via network access.

CVE-2022-29494

Improper input validation in firmware for OpenBMC in some Intel® platforms before versions egs-0.91-179 and bhs-04-45 may allow an authenticated user to potentially enable denial of service via network access.

CVE-2022-35729

Out of bounds read in firmware for OpenBMC in some Intel® platforms before version 0.72 may allow unauthenticated user to potentially enable denial of service via network access.

Impact

There is no impact; F5 products are not affected by these vulnerabilities.