History: Dec 07, 2020 - 4:15 p.m.

CVE-2020-26122

2020-12-07 16:15:12
CWE-347
mitre
web.nvd.nist.gov
Tags: cve-2020-26122, inspur, nf5266m5, server, remote code execution, bmc, firmware, signature verification, administrator privileges

CVSS2

Score: 6.5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

Score: 7.2
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.4
Confidence: High

EPSS: 0.008
Percentile: 82.5%

Inspur NF5266M5 through 3.21.2 and other server M5 devices allow remote code execution via administrator privileges. The Baseboard Management Controller (BMC) program of INSPUR servers is weak in checking the firmware and lacks a signature verification mechanism. An attacker who obtains administrator rights can control the BMC by inserting malicious code into the firmware program and bypassing the current verification mechanism to upgrade the BMC.

Affected configurations

Nvd

Node: inspur nf8480m5_firmware (Range <1.19.34) AND inspur nf8480m5 (Match -)
Node: inspur nf8260m5 (Match -) AND inspur nf8260m5_firmware (Range <1.19.34)
Node: inspur ns5162m5 (Match -) AND inspur ns5162m5_firmware (Range <4.5.3)
Node: inspur ns5488m5 (Match -) AND inspur ns5488m5_firmware (Range <1.19.33)
Node: inspur ns5484m5 (Match -) AND inspur ns5484m5_firmware (Range <1.19.33)
Node: inspur ns5482m5 (Match -) AND inspur ns5482m5_firmware (Range <1.19.33)
Node: inspur nf5280m5 (Match -) AND inspur nf5280m5_firmware (Range <4.26.6)
Node: inspur nf5468m5 (Match -) AND inspur nf5468m5_firmware (Range <1.18.51)
Node: inspur nf5488m5-d (Match -) AND inspur nf5488m5-d_firmware (Range <1.18.51)
Node: inspur nf5180m5_firmware (Range <4.18.2) AND inspur nf5180m5 (Match -)
Node: inspur nf5270m5_firmware (Range <4.9.1) AND inspur nf5270m5 (Match -)
Node: inspur nf5260m5_firmware (Range <3.8.0) AND inspur nf5260m5 (Match -)
Node: inspur nf5266m5_firmware (Range <3.21.3) AND inspur nf5266m5 (Match -)
Node: inspur nf5466m5_firmware (Range <4.28.0) AND inspur nf5466m5 (Match -)
Node: inspur nf5486m5_firmware (Range <3.22.0) AND inspur nf5486m5 (Match -)

Vendor   Product             Version   CPE
inspur   nf8480m5_firmware   *         cpe:2.3:o:inspur:nf8480m5_firmware:*:*:*:*:*:*:*:*
inspur   nf8480m5            -         cpe:2.3:h:inspur:nf8480m5:-:*:*:*:*:*:*:*
inspur   nf8260m5            -         cpe:2.3:h:inspur:nf8260m5:-:*:*:*:*:*:*:*
inspur   nf8260m5_firmware   *         cpe:2.3:o:inspur:nf8260m5_firmware:*:*:*:*:*:*:*:*
inspur   ns5162m5            -         cpe:2.3:h:inspur:ns5162m5:-:*:*:*:*:*:*:*
inspur   ns5162m5_firmware   *         cpe:2.3:o:inspur:ns5162m5_firmware:*:*:*:*:*:*:*:*
inspur   ns5488m5            -         cpe:2.3:h:inspur:ns5488m5:-:*:*:*:*:*:*:*
inspur   ns5488m5_firmware   *         cpe:2.3:o:inspur:ns5488m5_firmware:*:*:*:*:*:*:*:*
inspur   ns5484m5            -         cpe:2.3:h:inspur:ns5484m5:-:*:*:*:*:*:*:*
inspur   ns5484m5_firmware   *         cpe:2.3:o:inspur:ns5484m5_firmware:*:*:*:*:*:*:*:*
