Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
intelIntel Security CenterINTEL:INTEL-SA-00149
HistorySep 11, 2018 - 12:00 a.m.

Intel® Baseboard Management Controller (BMC) firmware Advisory

2018-09-1100:00:00
Intel Security Center
www.intel.com
10

0.003 Low

EPSS

Percentile

69.2%

JSON

Summary:

A potential security vulnerability in Intel® Baseboard Management Controller (BMC) firmware may allow escalation of privilege or denial of service. Intel is releasing updates for Intel® Baseboard Management Controller (BMC) firmware to mitigate this potential vulnerability.

Vulnerability Details

CVEID:** CVE-2018-12171**

Description: Privilege escalation in Intel® Baseboard Management Controller (BMC) firmware before version 1.43.91f76955 may allow an unprivileged user to potentially execute arbitrary code or perform denial of service over the network.

CVSS Base Score:** **8.3 High

CVSS Vector:** **CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products:

Product Family

|

Product Name

|

MM#

—|—|—

Intel® Server Board S2600BP

|

BBS2600BPB

|

948899

BBS2600BPQ

|

948900

BBS2600BPS

|

952609

HNS2600BPB

|

976668

HNS2600BPQ

|

976669

HNS2600BPS

|

976670

HNS2600BPB24

|

976671

HNS2600BPQ24

|

976675

HNS2600BPS24

|

976676

HNS2600BPBLC24

|

977207

HNS2600BPBLC

|

961401

Intel® Server Board S2600WF

|

S2600WFO

|

952644

S2600WFQ

|

952645

S2600WFT

|

952641

R1304WF0YS

|

952626

R1304WFTYS

|

952625

R1208WFTYS

|

952627

R2308WFTZS

|

952631

R2208WF0ZS

|

952629

R2208WFTZS

|

952628

R2208WFQZS

|

952637

R2312WF0NP

|

955876

R2312WFTZS

|

952632

R2312WFQZS

|

955877

R2224WFQZS

|

955875

R2224WFTZS

|

952633

Intel® Server Board S2600ST

|

S2600STB

|

957180

S2600STQ

|

957318

BBS2600STB

|

959820

BBS2600STQ

|

959727

Recommendations:

Intel recommends that users of affected products upgrade to the latest platform firmware package.

For systems based on the Intel® Server Board S2600BP family, the platform firmware package is available here, and is “00.01.0013”:
· SUP (EFI Shell) https://downloadcenter.intel.com/download/27633
· Intel® OFU (OS-level update) https://downloadcenter.intel.com/download/27637

For systems based on the Intel® Server Board S2600WF family, the platform firmware package is available here, and is “00.01.0013”:
· SUP (EFI Shell) <https://downloadcenter.intel.com/download/27632&gt;
· Intel® OFU (OS-level update) <https://downloadcenter.intel.com/download/27642&gt;

For systems based on the Intel® Server Board S2600ST family, the platform firmware package is available here, and is “00.01.0013”:
· SUP (EFI Shell) <https://downloadcenter.intel.com/download/27672&gt;
· Intel® OFU (OS-level update) <https://downloadcenter.intel.com/download/27643&gt;

Acknowledgements:

Intel would like to thank Lenovo** **for reporting this issue and working with us on coordinated disclosure.

Related

cve 1
nvd 1
prion 1
f5 1
cvelist 1
cve
cve
CVE-2018-12171
2018-09-12 19:29:01
nvd
nvd
CVE-2018-12171
2018-09-12 19:29:01
prion
prion
Privilege escalation
2018-09-12 19:29:00
f5
f5
K77452266 : Intel CPU vulnerability CVE-2018-12171
2018-09-28 00:00:00
cvelist
cvelist
CVE-2018-12171
2018-09-11 00:00:00

0.003 Low

EPSS

Percentile

69.2%

JSON
Related for INTEL:INTEL-SA-00149
cve1nvd1prion1f51cvelist1