CVE-2019-11168

Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access.

CVSS v3 9.1 CRITICAL
CVSS v2.0 6.4 MEDIUM

9.1^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://support.f5.com/csp/article/K64346530?utm_source=f5support&amp%3Butm_medium=RSS
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00313.html	Vendor Advisory
https://support.f5.com/csp/article/K64346530?utm_source=f5support&amp%3Butm_medium=RSS
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00313.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:intel:baseboard_management_controller_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:bbs2600bpb:-:::::::*
	cpe:2.3:h:intel:bbs2600bpbr:-:::::::*
	cpe:2.3:h:intel:bbs2600bpq:-:::::::*
	cpe:2.3:h:intel:bbs2600bpqr:-:::::::*
	cpe:2.3:h:intel:bbs2600bps:-:::::::*
	cpe:2.3:h:intel:bbs2600bpsr:-:::::::*
	cpe:2.3:h:intel:bbs2600stb:-:::::::*
	cpe:2.3:h:intel:bbs2600stbr:-:::::::*
	cpe:2.3:h:intel:bbs2600stq:-:::::::*
	cpe:2.3:h:intel:bbs2600stqr:-:::::::*
	cpe:2.3:h:intel:hns2600bpb:-:::::::*
	cpe:2.3:h:intel:hns2600bpb24:-:::::::*
	cpe:2.3:h:intel:hns2600bpb24r:-:::::::*
	cpe:2.3:h:intel:hns2600bpb24rx:-:::::::*
	cpe:2.3:h:intel:hns2600bpblc:-:::::::*
	cpe:2.3:h:intel:hns2600bpblc24:-:::::::*
	cpe:2.3:h:intel:hns2600bpblc24r:-:::::::*
	cpe:2.3:h:intel:hns2600bpblcr:-:::::::*
	cpe:2.3:h:intel:hns2600bpbr:-:::::::*
	cpe:2.3:h:intel:hns2600bpbrx:-:::::::*
	cpe:2.3:h:intel:hns2600bpq:-:::::::*
	cpe:2.3:h:intel:hns2600bpq24:-:::::::*
	cpe:2.3:h:intel:hns2600bpq24r:-:::::::*
	cpe:2.3:h:intel:hns2600bpqr:-:::::::*
	cpe:2.3:h:intel:hns2600bps:-:::::::*
	cpe:2.3:h:intel:hns2600bps24:-:::::::*
	cpe:2.3:h:intel:hns2600bps24r:-:::::::*
	cpe:2.3:h:intel:hns2600bpsr:-:::::::*
	cpe:2.3:h:intel:hpchns2600bpbr:-:::::::*
	cpe:2.3:h:intel:hpchns2600bpqr:-:::::::*
	cpe:2.3:h:intel:hpchns2600bpsr:-:::::::*
	cpe:2.3:h:intel:hpcr1208wfqysr:-:::::::*
	cpe:2.3:h:intel:hpcr1208wftysr:-:::::::*
	cpe:2.3:h:intel:hpcr1304wf0ysr:-:::::::*
	cpe:2.3:h:intel:hpcr1304wftysr:-:::::::*
	cpe:2.3:h:intel:hpcr2208wf0zsr:-:::::::*
	cpe:2.3:h:intel:hpcr2208wfqzsr:-:::::::*
	cpe:2.3:h:intel:hpcr2208wftzsr:-:::::::*
	cpe:2.3:h:intel:hpcr2208wftzsrx:-:::::::*
	cpe:2.3:h:intel:hpcr2224wftzsr:-:::::::*
	cpe:2.3:h:intel:hpcr2308wftzsr:-:::::::*
	cpe:2.3:h:intel:hpcr2312wf0npr:-:::::::*
	cpe:2.3:h:intel:hpcr2312wftzsr:-:::::::*
	cpe:2.3:h:intel:r1208wfqysr:-:::::::*
	cpe:2.3:h:intel:r1208wftys:-:::::::*
	cpe:2.3:h:intel:r1208wftysr:-:::::::*
	cpe:2.3:h:intel:r1304wf0ys:-:::::::*
	cpe:2.3:h:intel:r1304wf0ysr:-:::::::*
	cpe:2.3:h:intel:r1304wftys:-:::::::*
	cpe:2.3:h:intel:r1304wftysr:-:::::::*
	cpe:2.3:h:intel:r2208wf0zs:-:::::::*
	cpe:2.3:h:intel:r2208wf0zsr:-:::::::*
	cpe:2.3:h:intel:r2208wfqzs:-:::::::*
	cpe:2.3:h:intel:r2208wfqzsr:-:::::::*
	cpe:2.3:h:intel:r2208wftzs:-:::::::*
	cpe:2.3:h:intel:r2208wftzsr:-:::::::*
	cpe:2.3:h:intel:r2208wftzsrx:-:::::::*
	cpe:2.3:h:intel:r2224wfqzs:-:::::::*
	cpe:2.3:h:intel:r2224wftzs:-:::::::*
	cpe:2.3:h:intel:r2224wftzsr:-:::::::*
	cpe:2.3:h:intel:r2308wftzs:-:::::::*
	cpe:2.3:h:intel:r2308wftzsr:-:::::::*
	cpe:2.3:h:intel:r2312wf0np:-:::::::*
	cpe:2.3:h:intel:r2312wf0npr:-:::::::*
cpe:2.3:h:intel:r2312wfqzs:-:::::::*
cpe:2.3:h:intel:r2312wftzs:-:::::::*
cpe:2.3:h:intel:r2312wftzsr:-:::::::*
cpe:2.3:h:intel:s2600stb:-:::::::*
cpe:2.3:h:intel:s2600stbr:-:::::::*
cpe:2.3:h:intel:s2600stq:-:::::::*
cpe:2.3:h:intel:s2600stqr:-:::::::*
cpe:2.3:h:intel:s2600wf0:-:::::::*
cpe:2.3:h:intel:s2600wf0r:-:::::::*
cpe:2.3:h:intel:s2600wfq:-:::::::*
cpe:2.3:h:intel:s2600wfqr:-:::::::*
cpe:2.3:h:intel:s2600wft:-:::::::*
cpe:2.3:h:intel:s2600wftr:-:::::::*
cpe:2.3:h:intel:s9232wk1hlc:-:::::::*
cpe:2.3:h:intel:s9232wk2hac:-:::::::*
cpe:2.3:h:intel:s9232wk2hlc:-:::::::*
cpe:2.3:h:intel:s9248wk1hlc:-:::::::*
cpe:2.3:h:intel:s9248wk2hac:-:::::::*
cpe:2.3:h:intel:s9248wk2hlc:-:::::::*
cpe:2.3:h:intel:s9256wk1hlc:-:::::::*

History

No history.

Information

Published : 2019-11-14 17:15

Updated : 2024-11-21 04:20

NVD link : CVE-2019-11168

Mitre link : CVE-2019-11168

CVE.ORG link : CVE-2019-11168

JSON object : View

Products Affected

intel

r2208wfqzsr
r2224wftzsr
r2312wfqzs
r2224wftzs
hpcr2208wf0zsr
r2208wftzs
hns2600bpblc24r
s2600wfq
r2308wftzs
hpcr2312wf0npr
hpcr1208wfqysr
hpcr1208wftysr
r2208wf0zsr
r2312wftzsr
hns2600bpblc24
hns2600bpb24rx
r2208wf0zs
r1208wfqysr
hns2600bpbr
r2224wfqzs
hpcr1304wf0ysr
hpcr2208wftzsrx
s9232wk1hlc
hns2600bpb24r
baseboard_management_controller_firmware
s2600stq
r2312wf0np
hpcr2208wftzsr
s2600stqr
s9248wk2hlc
r1304wftysr
hns2600bpb
hns2600bpb24
bbs2600stbr
hpcr1304wftysr
bbs2600stq
bbs2600bpqr
bbs2600bpsr
hns2600bpblcr
r2308wftzsr
hns2600bpqr
hns2600bpq24r
s2600wftr
hpcr2308wftzsr
s2600wf0
bbs2600bpb
r2312wftzs
r1208wftys
hpchns2600bpsr
hpchns2600bpbr
r1304wftys
bbs2600bpq
s2600wf0r
bbs2600stqr
hns2600bpbrx
hpcr2224wftzsr
s2600stbr
s2600wft
s9232wk2hlc
s9232wk2hac
hpchns2600bpqr
r1208wftysr
r1304wf0ys
r2208wftzsrx
hns2600bpblc
s2600wfqr
r1304wf0ysr
s9248wk2hac
hns2600bpsr
r2312wf0npr
hns2600bpq
r2208wftzsr
r2208wfqzs
hns2600bpq24
bbs2600stb
s9256wk1hlc
bbs2600bpbr
hpcr2312wftzsr
hns2600bps
bbs2600bps
hns2600bps24r
hpcr2208wfqzsr
hns2600bps24
s9248wk1hlc
s2600stb

CWE

NVD-CWE-noinfo

9.1 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

6.4 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2019-11168

9.1^/10

6.4^/10

Attach tags to `CVE-2019-11168`