CVE-2004-2600

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2004-2600
The firmware for Intelligent Platform Management Interface (IPMI) 1.5-based Intel Server Boards and Platforms is shipped with an Authentication Type Enables parameter set to an invalid None parameter, which allows remote attackers to obtain sensitive information when LAN management functionality is enabled.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
ftp://download.intel.com/support/motherboards/server/sb/aa6791invalidlanconfiguration040504.pdf Vendor Advisory
http://support.intel.com/support/motherboards/server/sb/CS-010422.htm
http://www.securityfocus.com/bid/10068
http://www.osvdb.org/4978
http://secunia.com/advisories/11315 Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15775
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:intel:cli_auto-configuration_utility:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:carrier_grade_server_tsrmt2:*:*:*:*:*:*:*:*
cpe:2.3:a:intel:client_system_setup_utility:*:*:*:*:*:*:*:*
cpe:2.3:a:intel:server_configuration_wizard:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:carrier_grade_server_tigpr2u:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:carrier_grade_server_tsrlt2:*:*:*:*:*:*:*:*
cpe:2.3:a:intel:server_control:*:*:*:*:*:*:*:*
cpe:2.3:a:intel:system_setup_utility:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:h:intel:entry_server_platform_sr1325tp1-e:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:server_board_scb2:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:server_platform_sr870bn4:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:server_platform_srsh4:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:carrier_grade_server_cc2300:a6898a:*:*:*:*:*:*:*
cpe:2.3:h:hp:carrier_grade_server_cc2300:a6899a:*:*:*:*:*:*:*
cpe:2.3:h:hp:carrier_grade_server_cc3300:a6900a:*:*:*:*:*:*:*
cpe:2.3:h:intel:server_board_sds2:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:server_board_se7500wv2:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:carrier_grade_server_cc3310:a9863a:*:*:*:*:*:*:*
cpe:2.3:h:intel:entry_server_board_se7210tp1-e:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:carrier_grade_server_cc3310:a9862a:*:*:*:*:*:*:*
cpe:2.3:h:intel:server_board_se7501hg2:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:server_platform_spsh4:*:*:*:*:*:*:*:*
cpe:2.3:h:hp:carrier_grade_server_cc3300:a6901a:*:*:*:*:*:*:*
cpe:2.3:h:intel:server_board_shg2:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:server_platform_sr870bh2:*:*:*:*:*:*:*:*
Information

Published : 2004-12-30 21:00

Updated : 2017-07-10 18:32

NVD link : CVE-2004-2600

Mitre link : CVE-2004-2600

JSON object : View

CWE
NVD-CWE-Other
Advertisement

dedicated server usa
Products Affected

intel

  • client_system_setup_utility
  • entry_server_board_se7210tp1-e
  • server_board_se7500wv2
  • entry_server_platform_sr1325tp1-e
  • server_control
  • server_configuration_wizard
  • server_board_scb2
  • server_platform_sr870bh2
  • cli_auto-configuration_utility
  • server_board_se7501hg2
  • server_platform_srsh4
  • carrier_grade_server_tsrmt2
  • system_setup_utility
  • server_board_sds2
  • server_platform_sr870bn4
  • carrier_grade_server_tsrlt2
  • server_platform_spsh4
  • carrier_grade_server_tigpr2u
  • server_board_shg2

hp

  • carrier_grade_server_cc2300
  • carrier_grade_server_cc3310
  • carrier_grade_server_cc3300