Vulnerability CVE-2004-2600


Published: 2004-12-31   Modified: 2012-02-12

Description:
The firmware for Intelligent Platform Management Interface (IPMI) 1.5-based Intel Server Boards and Platforms is shipped with an Authentication Type Enables parameter set to an invalid None parameter, which allows remote attackers to obtain sensitive information when LAN management functionality is enabled.

Vendor: HP
Product: Carrier grade server cc3310 
Version: a9863a; a9862a;
Product: Carrier grade server cc3300 
Version: a6901a; a6900a;
Product: Carrier grade server cc2300 
Version: a6899a; a6898a;
Vendor: Intel
Product: Cli auto-configuration utility 
Product: Server platform sr870bh2 
Product: Server board sds2 
Product: Carrier grade server tsrlt2 
Product: Server configuration wizard 
Product: Server platform srsh4 
Product: Server board se7501hg2 
Product: Entry server board se7210tp1-e 
Product: System setup utility 
Product: Server platform spsh4 
Product: Server board scb2 
Product: Carrier grade server tigpr2u 
Product: Client system setup utility 
Product: Server platform sr870bn4 
Product: Server board se7500wv2 
Product: Carrier grade server tsrmt2 
Product: Server control 
Product: Server board shg2 
Product: Entry server platform sr1325tp1-e 

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
http://secunia.com/advisories/11315
http://xforce.iss.net/xforce/xfdb/15775
http://www.securityfocus.com/bid/10068
http://www.osvdb.org/4978
http://support.intel.com/support/motherboards/server/sb/CS-010422.htm
ftp://download.intel.com/support/motherboards/server/sb/aa6791invalidlanconfiguration040504.pdf

Related CVE
CVE-2019-0135
Improper permissions in the installer for Intel(R) Accelerated Storage Manager in RSTe v5.5 and before may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-0129
Improper permissions for Intel(R) USB 3.0 Creator Utility all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2019-0121
Improper permissions in Intel(R) Matrix Storage Manager 8.9.0.1023 and before may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2018-18091
Use after free in Kernel Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may all...
CVE-2018-18090
Out of bounds read in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow ...
CVE-2018-18089
Multiple out of bounds read in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 m...
CVE-2018-12224
Buffer leakage in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an a...
CVE-2018-12223
Insufficient access control in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6...

Copyright 2019, cxsecurity.com

 

Back to Top