Lucene search

[email protected]CVE-2007-2387

HistoryJun 04, 2007 - 5:30 p.m.

CVE-2007-2387

2007-06-0417:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

apple

xserve

lights-out management

access

vulnerability

ipmi

administrative access

remote access

firmware update

intel hardware

7.5 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.022 Low

EPSS

Percentile

89.3%

JSON

Apple Xserve Lights-Out Management before Firmware Update 1.0 on Intel hardware does not require a password for remote access to IPMI, which allows remote attackers to gain administrative access via unspecified requests with ipmitool.

CPENameOperatorVersion
apple:xserve_lights-out_managementapple xserve lights-out managementeqfirmware_0

CPE	Name	Operator	Version
apple:xserve_lights-out_management	apple xserve lights-out management	eq	firmware_0

References

docs.info.apple.com/article.html?artnum=305571

lists.apple.com/archives/security-announce/2007/May/msg00006.html

osvdb.org/36128

secunia.com/advisories/25499

www.apple.com/support/downloads/xservelightsoutmanagementfirmwareupdate10.html

www.securityfocus.com/bid/24257

www.securitytracker.com/id?1018181

www.vupen.com/english/advisories/2007/2014

exchange.xforce.ibmcloud.com/vulnerabilities/34651

7.5 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.022 Low

EPSS

Percentile

89.3%

JSON

Related for CVE-2007-2387

prion1