Lucene search

K
lenovoLenovoLENOVO:PS500241-NOSID
HistoryMay 02, 2019 - 1:16 p.m.

ASPEED AST-series BMC Vulnerability - US

2019-05-0213:16:51
support.lenovo.com
81

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

63.3%

Lenovo Security Advisory: LEN-26252

Potential Impact: Privilege escalation

Severity: High

Scope of Impact: Industry-wide

CVE Identifier: CVE-2019-6260

Summary Description:

An industry-wide vulnerability affecting ASPEED AST-series Baseboard Management Controllers (BMCs) used in certain servers and storage devices can allow arbitrary read and write access to the BMC’s physical address space from the host. ThinkSystem and System x servers are not affected.

Mitigation Strategy for Customers (what you should do to protect yourself):

Upgrade to the firmware version (or newer) indicated for your model in the Product Impact section below.


Product Impact:

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

63.3%

Related for LENOVO:PS500241-NOSID