A potential security vulnerability in Intel® Baseboard Management Controller (BMC) firmware may allow escalation of privilege or denial of service. Intel is releasing updates for Intel® Baseboard Management Controller (BMC) firmware to mitigate this potential vulnerability.
CVEID:** CVE-2018-12171**
Description: Privilege escalation in Intel® Baseboard Management Controller (BMC) firmware before version 1.43.91f76955 may allow an unprivileged user to potentially execute arbitrary code or perform denial of service over the network.
CVSS Base Score:** **8.3 High
CVSS Vector:** **CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Product Family
|
Product Name
|
MM#
—|—|—
Intel® Server Board S2600BP
|
BBS2600BPB
|
948899
BBS2600BPQ
|
948900
BBS2600BPS
|
952609
HNS2600BPB
|
976668
HNS2600BPQ
|
976669
HNS2600BPS
|
976670
HNS2600BPB24
|
976671
HNS2600BPQ24
|
976675
HNS2600BPS24
|
976676
HNS2600BPBLC24
|
977207
HNS2600BPBLC
|
961401
Intel® Server Board S2600WF
|
S2600WFO
|
952644
S2600WFQ
|
952645
S2600WFT
|
952641
R1304WF0YS
|
952626
R1304WFTYS
|
952625
R1208WFTYS
|
952627
R2308WFTZS
|
952631
R2208WF0ZS
|
952629
R2208WFTZS
|
952628
R2208WFQZS
|
952637
R2312WF0NP
|
955876
R2312WFTZS
|
952632
R2312WFQZS
|
955877
R2224WFQZS
|
955875
R2224WFTZS
|
952633
Intel® Server Board S2600ST
|
S2600STB
|
957180
S2600STQ
|
957318
BBS2600STB
|
959820
BBS2600STQ
|
959727
Intel recommends that users of affected products upgrade to the latest platform firmware package.
For systems based on the Intel® Server Board S2600BP family, the platform firmware package is available here, and is “00.01.0013”:
· SUP (EFI Shell) https://downloadcenter.intel.com/download/27633
· Intel® OFU (OS-level update) https://downloadcenter.intel.com/download/27637
For systems based on the Intel® Server Board S2600WF family, the platform firmware package is available here, and is “00.01.0013”:
· SUP (EFI Shell) <https://downloadcenter.intel.com/download/27632>
· Intel® OFU (OS-level update) <https://downloadcenter.intel.com/download/27642>
For systems based on the Intel® Server Board S2600ST family, the platform firmware package is available here, and is “00.01.0013”:
· SUP (EFI Shell) <https://downloadcenter.intel.com/download/27672>
· Intel® OFU (OS-level update) <https://downloadcenter.intel.com/download/27643>
Intel would like to thank Lenovo** **for reporting this issue and working with us on coordinated disclosure.