Vulnerability CVE-2004-2600
Published: 2004-12-31   Modified: 2012-02-12

Description:
The firmware for Intelligent Platform Management Interface (IPMI) 1.5-based Intel Server Boards and Platforms is shipped with an Authentication Type Enables parameter set to an invalid None parameter, which allows remote attackers to obtain sensitive information when LAN management functionality is enabled.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Intel -> Server board se7500wv2 
Intel -> Cli auto-configuration utility 
Intel -> Server board se7501hg2 
Intel -> Client system setup utility 
Intel -> Server board shg2 
Intel -> Server configuration wizard 
Intel -> Server platform spsh4 
Intel -> Server control 
Intel -> Server platform sr870bh2 
Intel -> System setup utility 
Intel -> Server platform sr870bn4 
Intel -> Server platform srsh4 
Intel -> Carrier grade server tigpr2u 
Intel -> Carrier grade server tsrlt2 
Intel -> Carrier grade server tsrmt2 
Intel -> Entry server board se7210tp1-e 
Intel -> Entry server platform sr1325tp1-e 
Intel -> Server board scb2 
Intel -> Server board sds2 
HP -> Carrier grade server cc2300 
HP -> Carrier grade server cc3300 
HP -> Carrier grade server cc3310 

 References:
http://secunia.com/advisories/11315
http://xforce.iss.net/xforce/xfdb/15775
http://www.securityfocus.com/bid/10068
http://www.osvdb.org/4978
http://support.intel.com/support/motherboards/server/sb/CS-010422.htm
ftp://download.intel.com/support/motherboards/server/sb/aa6791invalidlanconfiguration040504.pdf
Copyright 2024, cxsecurity.com

 

Back to Top