Lucene search

GoogleOSV:CVE-2021-39295

HistoryApr 15, 2023 - 8:16 p.m.

CVE-2021-39295

2023-04-1520:16:00

Google

osv.dev

openbmc

denial of service

crafted ipmi messages

netipmid interface

software vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.004

Percentile

75.1%

JSON

In OpenBMC 2.9, crafted IPMI messages allow an attacker to cause a denial of service to the BMC via the netipmid (IPMI lan+) interface.

References

github.com/google/security-research/security/advisories/GHSA-gg9x-v835-m48q

github.com/openbmc/docs/blob/master/release/release-notes.md

github.com/openbmc/openbmc

github.com/openbmc/openbmc/issues/3811

openbmc.org

www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.004

Percentile

75.1%

JSON

Related for OSV:CVE-2021-39295