CVE-2019-11178

Stack overflow in Intel(R) Baseboard Management Controller firmware may allow an authenticated user to potentially enable information disclosure and/or denial of service via network access.

CVSS v3.0 8.1 HIGH
CVSS v2.0 5.5 MEDIUM

8.1^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.5^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:P

Exploitability : 8.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00313.html	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:intel:baseboard_management_controller_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:intel:bbs2600bpb:-:::::::*
	cpe:2.3:h:intel:bbs2600bpbr:-:::::::*
	cpe:2.3:h:intel:bbs2600bpq:-:::::::*
	cpe:2.3:h:intel:bbs2600bpqr:-:::::::*
	cpe:2.3:h:intel:bbs2600bps:-:::::::*
	cpe:2.3:h:intel:bbs2600bpsr:-:::::::*
	cpe:2.3:h:intel:bbs2600stb:-:::::::*
	cpe:2.3:h:intel:bbs2600stbr:-:::::::*
	cpe:2.3:h:intel:bbs2600stq:-:::::::*
	cpe:2.3:h:intel:bbs2600stqr:-:::::::*
	cpe:2.3:h:intel:hns2600bpb:-:::::::*
	cpe:2.3:h:intel:hns2600bpq:-:::::::*
	cpe:2.3:h:intel:hns2600bps:-:::::::*
	cpe:2.3:h:intel:hns2600bpb24:-:::::::*
	cpe:2.3:h:intel:hns2600bpq24:-:::::::*
	cpe:2.3:h:intel:hns2600bps24:-:::::::*
	cpe:2.3:h:intel:hns2600bpblc:-:::::::*
	cpe:2.3:h:intel:hns2600bpblc24:-:::::::*
	cpe:2.3:h:intel:hns2600bpbr:-:::::::*
	cpe:2.3:h:intel:hns2600bpbrx:-:::::::*
	cpe:2.3:h:intel:hpchns2600bpbr:-:::::::*
	cpe:2.3:h:intel:hns2600bpqr:-:::::::*
	cpe:2.3:h:intel:hpchns2600bpqr:-:::::::*
	cpe:2.3:h:intel:hns2600bpsr:-:::::::*
	cpe:2.3:h:intel:hpchns2600bpsr:-:::::::*
	cpe:2.3:h:intel:hns2600bpb24r:-:::::::*
	cpe:2.3:h:intel:hns2600bpb24rx:-:::::::*
	cpe:2.3:h:intel:hns2600bpq24r:-:::::::*
	cpe:2.3:h:intel:hns2600bps24r:-:::::::*
	cpe:2.3:h:intel:hns2600bpblcr:-:::::::*
	cpe:2.3:h:intel:hns2600bpblc24r:-:::::::*
	cpe:2.3:h:intel:hpcr1208wftysr:-:::::::*
	cpe:2.3:h:intel:hpcr1208wfqysr:-:::::::*
	cpe:2.3:h:intel:r1304wf0ys:-:::::::*
	cpe:2.3:h:intel:r1304wftys:-:::::::*
	cpe:2.3:h:intel:r1208wftys:-:::::::*
	cpe:2.3:h:intel:r2308wftzs:-:::::::*
	cpe:2.3:h:intel:r2208wf0zs:-:::::::*
	cpe:2.3:h:intel:r2208wftzs:-:::::::*
	cpe:2.3:h:intel:r2208wfqzs:-:::::::*
	cpe:2.3:h:intel:r2312wf0np:-:::::::*
	cpe:2.3:h:intel:r2312wftzs:-:::::::*
	cpe:2.3:h:intel:r2312wfqzs:-:::::::*
	cpe:2.3:h:intel:r2224wfqzs:-:::::::*
	cpe:2.3:h:intel:r2224wftzs:-:::::::*
	cpe:2.3:h:intel:s2600wfq:-:::::::*
	cpe:2.3:h:intel:s2600wft:-:::::::*
	cpe:2.3:h:intel:s2600stb:-:::::::*
	cpe:2.3:h:intel:s2600stq:-:::::::*
	cpe:2.3:h:intel:s2600wf0:-:::::::*
	cpe:2.3:h:intel:s2600wf0r:-:::::::*
	cpe:2.3:h:intel:s2600wfqr:-:::::::*
	cpe:2.3:h:intel:s2600wftr:-:::::::*
	cpe:2.3:h:intel:s2600stbr:-:::::::*
	cpe:2.3:h:intel:s2600stqr:-:::::::*
	cpe:2.3:h:intel:r1208wftysr:-:::::::*
	cpe:2.3:h:intel:r1304wf0ysr:-:::::::*
	cpe:2.3:h:intel:hpcr1304wf0ysr:-:::::::*
	cpe:2.3:h:intel:r1304wftysr:-:::::::*
	cpe:2.3:h:intel:hpcr1304wftysr:-:::::::*
	cpe:2.3:h:intel:r2208wftzsr:-:::::::*
	cpe:2.3:h:intel:r2208wftzsrx:-:::::::*
	cpe:2.3:h:intel:hpcr2208wftzsr:-:::::::*
	cpe:2.3:h:intel:hpcr2208wftzsrx:-:::::::*
cpe:2.3:h:intel:r2208wf0zsr:-:::::::*
cpe:2.3:h:intel:hpcr2208wf0zsr:-:::::::*
cpe:2.3:h:intel:r2224wftzsr:-:::::::*
cpe:2.3:h:intel:hpcr2224wftzsr:-:::::::*
cpe:2.3:h:intel:r2308wftzsr:-:::::::*
cpe:2.3:h:intel:hpcr2308wftzsr:-:::::::*
cpe:2.3:h:intel:r2312wftzsr:-:::::::*
cpe:2.3:h:intel:hpcr2312wftzsr:-:::::::*
cpe:2.3:h:intel:r2312wf0npr:-:::::::*
cpe:2.3:h:intel:hpcr2312wf0npr:-:::::::*
cpe:2.3:h:intel:r2208wfqzsr:-:::::::*
cpe:2.3:h:intel:hpcr2208wfqzsr:-:::::::*
cpe:2.3:h:intel:r1208wfqysr:-:::::::*
cpe:2.3:h:intel:s9256wk1hlc:-:::::::*
cpe:2.3:h:intel:s9248wk1hlc:-:::::::*
cpe:2.3:h:intel:s9232wk1hlc:-:::::::*
cpe:2.3:h:intel:s9248wk2hlc:-:::::::*
cpe:2.3:h:intel:s9232wk2hlc:-:::::::*
cpe:2.3:h:intel:s9248wk2hac:-:::::::*
cpe:2.3:h:intel:s9232wk2hac:-:::::::*

Information

Published : 2019-11-14 09:15

Updated : 2019-11-19 12:44

NVD link : CVE-2019-11178

Mitre link : CVE-2019-11178

JSON object : View

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Products Affected

intel

hns2600bpb24r
s9232wk2hlc
hns2600bpb24
s2600wftr
hpcr2208wf0zsr
hpcr1208wfqysr
hpcr1304wf0ysr
hpcr2208wftzsrx
hpcr2312wf0npr
s9232wk1hlc
bbs2600bpb
r2208wf0zs
hns2600bpq24
s2600stqr
r1208wftys
r1304wf0ysr
hns2600bpblc24
bbs2600stq
hns2600bpq
r2312wftzsr
s2600stq
r1304wf0ys
r2208wfqzs
bbs2600stb
s9232wk2hac
hns2600bpsr
s2600wf0
r2224wftzs
hns2600bps
s2600stb
s2600wft
r2312wftzs
bbs2600bpqr
s9248wk1hlc
hns2600bpblc
r2224wftzsr
hpcr2312wftzsr
s9248wk2hac
hns2600bpqr
hns2600bpblcr
s2600wfq
r2224wfqzs
hpcr1208wftysr
r2312wfqzs
s2600stbr
hpcr2224wftzsr
r2308wftzsr
r1208wftysr
bbs2600bps
bbs2600bpq
hpchns2600bpsr
hpcr1304wftysr
r2312wf0np
r2208wftzsr
s2600wfqr
hns2600bpbrx
hns2600bpq24r
s2600wf0r
s9248wk2hlc
hns2600bps24
hns2600bpb24rx
baseboard_management_controller_firmware
r2208wftzsrx
bbs2600stqr
r2208wfqzsr
hns2600bpbr
r1208wfqysr
r2308wftzs
r2312wf0npr
bbs2600stbr
bbs2600bpbr
bbs2600bpsr
hns2600bps24r
r1304wftysr
hpchns2600bpqr
hns2600bpblc24r
hpcr2208wfqzsr
r2208wftzs
hpcr2208wftzsr
hpchns2600bpbr
r1304wftys
hns2600bpb
hpcr2308wftzsr
r2208wf0zsr
s9256wk1hlc

8.1 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.5 /10

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2019-11178

8.1^/10

5.5^/10

Attach tags to `CVE-2019-11178`