Intel Security Center, INTEL:INTEL-SA-00313
Apr 28, 2020 - 12:00 a.m.

Intel® BMC Advisory

www.intel.com

EPSS: 0.002 (Percentile: 61.3%)

Summary:

Potential security vulnerabilities in Intel® Baseboard Management Controller (BMC) firmware may allow escalation of privilege, denial of service and/or information disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities.

Vulnerability Details:

CVEID: CVE-2019-11168

Description: Insufficient session validation in Intel® Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access.

CVSS Base Score: 8.1 High

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVEID: CVE-2019-11170

Description: Authentication bypass in Intel® Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via local access.

CVSS Base Score: 7.3 High

CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L

CVEID: CVE-2019-11171

Description: Heap corruption in Intel® Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via network access.

CVSS Base Score: 9.0 Critical

CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CVEID: CVE-2019-11172

Description: Out of bound read in Intel® Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure via network access.

CVSS Base Score: 5.4 Medium

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CVEID: CVE-2019-11173

Description: Insufficient session validation in Intel® Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via local access.

CVSS Base Score: 5.7 Medium

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L

CVEID: CVE-2019-11174

Description: Insufficient access control in Intel® Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure via network access.

CVSS Base Score: 5.3 Medium

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVEID: CVE-2019-11175

Description: Insufficient input validation in Intel® Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access.

CVSS Base Score: 7.5 High

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVEID: CVE-2019-11177

Description: Unhandled exception in Intel® Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access.

CVSS Base Score: 3.7 Low

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CVEID: CVE-2019-11178

Description: Stack overflow in Intel® Baseboard Management Controller firmware may allow an authenticated user to potentially enable information disclosure and/or denial of service via network access.

CVSS Base Score: 7.1 High

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

CVEID: CVE-2019-11179

Description: Insufficient input validation in Intel® Baseboard Management Controller firmware may allow an authenticated user to potentially enable information disclosure via network access.

CVSS Base Score: 6.5 Medium

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVEID: CVE-2019-11180

Description: Insufficient input validation in Intel® Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access.

CVSS Base Score: 8.2 High

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CVEID: CVE-2019-11181

Description: Out of bound read in Intel® Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable escalation of privilege via network access.

CVSS Base Score: 3.7 Low

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CVEID: CVE-2019-11182

Description: Memory corruption in Intel® Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access.

CVSS Base Score: 8.1 High

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

Intel® Server Boards:

  • BBS2600BPB
  • BBS2600BPQ
  • BBS2600BPS
  • BBS2600BPBR
  • BBS2600BPQR
  • BBS2600BPSR
  • S2600WF0
  • S2600WFQ
  • S2600WFT
  • S2600WF0R
  • S2600WFQR
  • S2600WFTR
  • S2600STB
  • S2600STQ
  • S2600STBR
  • S2600STQR
  • BBS2600STB
  • BBS2600STQ
  • BBS2600STBR
  • BBS2600STQR

Intel® Compute Modules:

  • HNS2600BPB
  • HNS2600BPQ
  • HNS2600BPS
  • HNS2600BPB24
  • HNS2600BPQ24
  • HNS2600BPS24
  • HNS2600BPBLC
  • HNS2600BPBLC24
  • HNS2600BPBR
  • HNS2600BPBRX
  • HPCHNS2600BPBR
  • HNS2600BPQR
  • HPCHNS2600BPQR
  • HNS2600BPSR
  • HPCHNS2600BPSR
  • HNS2600BPB24R
  • HNS2600BPB24RX
  • HNS2600BPQ24R
  • HNS2600BPS24R
  • HNS2600BPBLCR
  • HNS2600BPBLC24R
  • S9256WK1HLC
  • S9248WK1HLC
  • S9232WK1HLC
  • S9248WK2HLC
  • S9232WK2HLC
  • S9248WK2HAC
  • S9232WK2HAC

Intel® Server Systems:

  • R1304WF0YS
  • R1304WFTYS
  • R1208WFTYS
  • R2308WFTZS
  • R2208WF0ZS
  • R2208WFTZS
  • R2208WFQZS
  • R2312WF0NP
  • R2312WFTZS
  • R2312WFQZS
  • R2224WFQZS
  • R2224WFTZS
  • R1208WFTYSR
  • HPCR1208WFTYSR
  • R1304WF0YSR
  • HPCR1304WF0YSR
  • R1304WFTYSR
  • HPCR1304WFTYSR
  • R2208WFTZSR
  • R2208WFTZSRX
  • HPCR2208WFTZSR
  • HPCR2208WFTZSRX
  • R2208WF0ZSR
  • HPCR2208WF0ZSR
  • R2224WFTZSR
  • HPCR2224WFTZSR
  • R2308WFTZSR
  • HPCR2308WFTZSR
  • R2312WFTZSR
  • HPCR2312WFTZSR
  • R2312WF0NPR
  • HPCR2312WF0NPR
  • R2208WFQZSR
  • HPCR2208WFQZSR
  • R1208WFQYSR
  • HPCR1208WFQYSR

Recommendations:

Intel recommends that users of Intel® BMC firmware update to version 2.18 or later.
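One way to apply this recommendation across a fleet, as an added example that is not part of Intel's advisory: match an asset inventory against the affected product codes above and flag BMCs below 2.18. The inventory rows and host names are constructed, and the code assumes the BMC version string starts with `major.minor`.

```python
import re
FIXED = (2, 18)  # advisory: update to BMC firmware version 2.18 or later

# Product codes copied from the advisory's "Affected Products" lists.
AFFECTED = set("""
BBS2600BPB BBS2600BPQ BBS2600BPS BBS2600BPBR BBS2600BPQR BBS2600BPSR S2600WF0 S2600WFQ
S2600WFT S2600WF0R S2600WFQR S2600WFTR S2600STB S2600STQ S2600STBR S2600STQR
BBS2600STB BBS2600STQ BBS2600STBR BBS2600STQR
HNS2600BPB HNS2600BPQ HNS2600BPS HNS2600BPB24 HNS2600BPQ24 HNS2600BPS24 HNS2600BPBLC
HNS2600BPBLC24 HNS2600BPBR HNS2600BPBRX HPCHNS2600BPBR HNS2600BPQR HPCHNS2600BPQR
HNS2600BPSR HPCHNS2600BPSR HNS2600BPB24R HNS2600BPB24RX HNS2600BPQ24R HNS2600BPS24R
HNS2600BPBLCR HNS2600BPBLC24R S9256WK1HLC S9248WK1HLC S9232WK1HLC S9248WK2HLC
S9232WK2HLC S9248WK2HAC S9232WK2HAC
R1304WF0YS R1304WFTYS R1208WFTYS R2308WFTZS R2208WF0ZS R2208WFTZS R2208WFQZS
R2312WF0NP R2312WFTZS R2312WFQZS R2224WFQZS R2224WFTZS
R1208WFTYSR HPCR1208WFTYSR R1304WF0YSR HPCR1304WF0YSR R1304WFTYSR HPCR1304WFTYSR
R2208WFTZSR R2208WFTZSRX HPCR2208WFTZSR HPCR2208WFTZSRX R2208WF0ZSR HPCR2208WF0ZSR
R2224WFTZSR HPCR2224WFTZSR R2308WFTZSR HPCR2308WFTZSR R2312WFTZSR HPCR2312WFTZSR
R2312WF0NPR HPCR2312WF0NPR R2208WFQZSR HPCR2208WFQZSR R1208WFQYSR HPCR1208WFQYSR
""".split())

def parse_version(text):
    """Leading major.minor as ints; assumes strings like '2.18' or '2.18.<build>'."""
    m = re.match(r"\s*(\d+)\.(\d+)", text or "")
    return (int(m.group(1)), int(m.group(2))) if m else None

def triage(inventory):
    """Map host -> status for (host, product_code, bmc_version) rows."""
    status = {}
    for host, product, version in inventory:
        if product.strip().upper() not in AFFECTED:
            status[host] = "not-listed"
            continue
        v = parse_version(version)
        if v is None:
            status[host] = "unknown-version"  # fail closed: verify by hand
        else:
            # Tuple comparison: (2, 9) < (2, 18), while the string "2.9" > "2.18".
            status[host] = "update-required" if v < FIXED else "fixed"
    return status

# Constructed sample inventory (host names and versions are made up).
SAMPLE = [
    ("bmc-01", "S2600WFT", "2.9"),
    ("bmc-02", "HNS2600BPBR", "2.18"),
    ("bmc-03", "r2208wftzsr", "1.93.abcdef12"),
    ("bmc-04", "S2600STB", "n/a"),
    ("bmc-05", "OTHER-BOARD", "1.0"),
]
```

Hosts reported as `unknown-version` are affected products whose firmware level could not be parsed, so they belong in the update queue until checked.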

Acknowledgements:

The following issues were found internally by Intel. Intel would like to thank Michael N Henry (CVE-2019-11168), Daniel Medina Velazquez (CVE-2019-11171; CVE-2019-11173; CVE-2019-11174; CVE-2019-11175; CVE-2019-11178; CVE-2019-11179; CVE-2019-11180; CVE-2019-11181; CVE-2019-11182), Hareesh Khattri (CVE-2019-11170; CVE-2019-11172; CVE-2019-11173), Parbati K Manna (CVE-2019-11177).

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.
