CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
34.2%
The version of the Intel BIOS on the remote device is affected by multiple vulnerabilities, as follows:
Buffer overflow in the BMC firmware for Intelยฎ Server Board M10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable an escalation of privilege via adjacent access.
(CVE-2021-0101)
Improper input validation in the BMC firmware for Intelยฎ Server Board M10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable an escalation of privilege via adjacent access. (CVE-2021-0070)
Out of bounds write in the BMC firmware for Intelยฎ Server Board M10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable a denial of service via adjacent access.
(CVE-2021-0113)
Path traversal in the BMC firmware for Intelยฎ Server Board M10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated user to potentially enable a denial of service via adjacent access.
(CVE-2021-0097)
Note that Nessus has not tested for this issue but has instead relied only on the self-reported version number.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(150859);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/08/17");
script_cve_id(
"CVE-2021-0070",
"CVE-2021-0097",
"CVE-2021-0101",
"CVE-2021-0113"
);
script_xref(name:"IAVA", value:"2021-A-0287-S");
script_name(english:"Intel Server Board M10JNP2SB Advisory (INTEL-SA-00474)");
script_set_attribute(attribute:"synopsis", value:
"The remote device is affected by multiple vulnerabilities.");
script_set_attribute(attribute:"description", value:
"The version of the Intel BIOS on the remote device is affected by multiple
vulnerabilities, as follows:
- Buffer overflow in the BMC firmware for Intel(R) Server Board M10JNP2SB
before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated
user to potentially enable an escalation of privilege via adjacent access.
(CVE-2021-0101)
- Improper input validation in the BMC firmware for Intel(R) Server Board
M10JNP2SB before version EFI BIOS 7215, BMC 8100.01.08 may allow an
unauthenticated user to potentially enable an escalation of privilege via
adjacent access. (CVE-2021-0070)
- Out of bounds write in the BMC firmware for Intel(R) Server Board M10JNP2SB
before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated
user to potentially enable a denial of service via adjacent access.
(CVE-2021-0113)
- Path traversal in the BMC firmware for Intel(R) Server Board M10JNP2SB
before version EFI BIOS 7215, BMC 8100.01.08 may allow an unauthenticated
user to potentially enable a denial of service via adjacent access.
(CVE-2021-0097)
Note that Nessus has not tested for this issue but has instead relied only on
the self-reported version number.");
# https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00474.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b333cccc");
script_set_attribute(attribute:"solution", value:
"Upgrade to the relevant BIOS and BMC firmware referenced in the vendor's advisory.");
script_set_attribute(attribute:"agent", value:"all");
script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-0101");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/06/08");
script_set_attribute(attribute:"patch_publication_date", value:"2021/06/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/06/18");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/h:intel:bios");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("bios_get_info_ssh.nasl", "bios_get_info_smb_reg.nasl");
script_require_keys("BIOS/Version", "BIOS/Vendor");
exit(0);
}
include('vcf.inc');
var vendor, version, ver_parts, vcf_version, vcf_parsed_version, app_info, constraints;
vendor = get_kb_item_or_exit('BIOS/Vendor');
if (vendor !~ "^Intel($| )") exit(0, 'The BIOS vendor is not Intel.');
version = get_kb_item_or_exit('BIOS/Version');
version = toupper(version);
# This is for M10JNP2SB, all server boards seem to have the model followed by 86B followed by 2 digits, 2 digits, 4
# digits, then, maybe, a timestamp.
if (version !~ "^M10JNP2SB\.86B\.\d{2}\.\d{2}\.\d{4}(\.|$)")
audit(AUDIT_INST_VER_NOT_VULN, "Intel BIOS", version);
ver_parts = split(version, sep: '.', keep: FALSE);
# https://www.intel.com/content/dam/support/us/en/documents/motherboards/server/s3000ah/sb/d72579003_s3000ah_tps_1_4.pdf
# BoardFamilyID.OEMID.MajorRev.MinorRev.BuildID.BuildDateTime
# Where BoardFamilyID here is M10JNP2SB, server boards usually use 86B for the OEMID, the major and minor rev are 2
# decimal digits, and the build ID is 4 decimal digits
# Assumes this 7.210 fix corresponds to the minor and build. Past plugins have just checked what would be the build
# here.
vcf_version = ver_parts[3] + '.' + ver_parts[4];
vcf_parsed_version = vcf::parse_version(vcf_version);
app_info = make_array(
'app', 'Intel BIOS',
'version', vcf_version,
'display_version', version,
'parsed_version' , vcf_parsed_version
);
constraints = [
{'fixed_version' : '7.215', 'fixed_display' : 'EFI BIOS 7215, BMC 8100.01.08 or later'}
];
vcf::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_WARNING
);
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
34.2%