Potential security vulnerabilities in some Intel® Server Board Baseboard Management Controller (BMC) firmware may allow escalation of privilege or information disclosure. Intel is releasing firmware updates to mitigate these potential vulnerabilities.****
CVEID: CVE-2022-40242 (Non-Intel issued)
Description: Insufficiently protected credentials in some Intel® Server Board BMC firmware’s before versions 1.11, v0027 and 4.15 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
CVSS Base Score: 8.3 High
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H****
CVEID: CVE-2022-2827 (Non-Intel issued)
Description: Improper access control in some Intel® Server Board BMC firmware before versions 1.11, v0027 and 4.15 may allow an unauthenticated user to potentially enable information disclosure via network access.
CVSS Base Score: 7.5 High
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N****
Intel® Server Board M10JNP2SB Family BMC Firmware before version 1.11.
Intel® Server Board M20NTP Family BMC Firmware before version v0027.
Intel® Server Board M70KLP2SB Family BMC Firmware before version 4.15.
Intel recommends updating the firmware for the affected Intel® Server Boards to the latest version:
Intel would like to thank Vlad Babkin of Eclypsium Research for reporting these issues as part of VU#507384.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.