CVE-2019-11172

Опубликовано: 14 нояб. 2019

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

Out of bound read in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure via network access.

Ссылки

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00313.html
Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00313.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:intel:baseboard_management_controller_firmware:*:*:*:*:*:*:*:*

Версия до 2.18 (исключая)

Одно из

cpe:2.3:h:intel:bbs2600bpb:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:bbs2600bpbr:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:bbs2600bpq:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:bbs2600bpqr:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:bbs2600bps:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:bbs2600bpsr:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:bbs2600stb:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:bbs2600stbr:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:bbs2600stq:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:bbs2600stqr:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:hns2600bpb:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:hns2600bpb24:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:hns2600bpb24r:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:hns2600bpb24rx:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:hns2600bpblc:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:hns2600bpblc24:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:hns2600bpblc24r:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:hns2600bpblcr:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:hns2600bpbr:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:hns2600bpbrx:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:hns2600bpq:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:hns2600bpq24:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:hns2600bpq24r:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:hns2600bpqr:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:hns2600bps:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:hns2600bps24:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:hns2600bps24r:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:hns2600bpsr:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:hpchns2600bpbr:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:hpchns2600bpqr:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:hpchns2600bpsr:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:hpcr1208wfqysr:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:hpcr1208wftysr:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:hpcr1304wf0ysr:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:hpcr1304wftysr:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:hpcr2208wf0zsr:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:hpcr2208wfqzsr:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:hpcr2208wftzsr:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:hpcr2208wftzsrx:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:hpcr2224wftzsr:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:hpcr2308wftzsr:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:hpcr2312wf0npr:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:hpcr2312wftzsr:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:r1208wfqysr:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:r1208wftys:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:r1208wftysr:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:r1304wf0ys:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:r1304wf0ysr:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:r1304wftys:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:r1304wftysr:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:r2208wf0zs:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:r2208wf0zsr:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:r2208wfqzs:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:r2208wfqzsr:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:r2208wftzs:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:r2208wftzsr:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:r2208wftzsrx:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:r2224wfqzs:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:r2224wftzs:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:r2224wftzsr:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:r2308wftzs:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:r2308wftzsr:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:r2312wf0np:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:r2312wf0npr:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:r2312wfqzs:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:r2312wftzs:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:r2312wftzsr:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:s2600stb:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:s2600stbr:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:s2600stq:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:s2600stqr:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:s2600wf0:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:s2600wf0r:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:s2600wfq:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:s2600wfqr:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:s2600wft:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:s2600wftr:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:s9232wk1hlc:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:s9232wk2hac:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:s9232wk2hlc:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:s9248wk1hlc:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:s9248wk2hac:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:s9248wk2hlc:-:*:*:*:*:*:*:*

cpe:2.3:h:intel:s9256wk1hlc:-:*:*:*:*:*:*:*

EPSS

Процентиль: 65%

0.00489

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

GHSA-4c83-m6v2-mvrm

CVSS3: 5.3

github

больше 3 лет назад

Out of bound read in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure via network access.

BDU:2019-04623

CVSS3: 5.4

fstec

около 6 лет назад

Уязвимость микропрограммного обеспечения контроллера удаленного управления Intel Baseboard Management Controller (BMC), связанная с чтением за границами буфера в памяти, позволяющая нарушителю раскрыть защищаемую информацию