Lucene search

[email protected]NVD:CVE-2020-5633

HistoryJan 13, 2021 - 10:15 a.m.

CVE-2020-5633

2021-01-1310:15:14

CWE-287

[email protected]

web.nvd.nist.gov

nec

bmc firmware

remote authentication

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:P/I:P/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.006

Percentile

78.9%

JSON

Multiple NEC products (Express5800/T110j, Express5800/T110j-S, Express5800/T110j (2nd-Gen), Express5800/T110j-S (2nd-Gen), iStorage NS100Ti, and Express5800/GT110j) where Baseboard Management Controller (BMC) firmware Rev1.09 and earlier is applied allows remote attackers to bypass authentication and then obtain/modify BMC setting information, obtain monitoring information, or reboot/shut down the vulnerable product via unspecified vectors.

Affected configurations

Nvd

Node

necbaseboard_management_controllerRange≤1.09

AND

necexpress5800\/gt110jMatch-

necexpress5800\/t110jMatch-

necexpress5800\/t110j-sMatch-

necexpress5800\/t110j-s_\(2nd-gen\)Match-

necexpress5800\/t110j_\(2nd-gen\)Match-

necistorage_ns100tiMatch-

VendorProductVersionCPE
necbaseboard_management_controller*cpe:2.3:o:nec:baseboard_management_controller:*:*:*:*:*:*:*:*
necexpress5800\/gt110j-cpe:2.3:h:nec:express5800\/gt110j:-:*:*:*:*:*:*:*
necexpress5800\/t110j-cpe:2.3:h:nec:express5800\/t110j:-:*:*:*:*:*:*:*
necexpress5800\/t110j-s-cpe:2.3:h:nec:express5800\/t110j-s:-:*:*:*:*:*:*:*
necexpress5800\/t110j-s_\(2nd-gen\)-cpe:2.3:h:nec:express5800\/t110j-s_\(2nd-gen\):-:*:*:*:*:*:*:*
necexpress5800\/t110j_\(2nd-gen\)-cpe:2.3:h:nec:express5800\/t110j_\(2nd-gen\):-:*:*:*:*:*:*:*
necistorage_ns100ti-cpe:2.3:h:nec:istorage_ns100ti:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nec	baseboard_management_controller	*	cpe:2.3:o:nec:baseboard_management_controller::::::::
nec	express5800\/gt110j	-	cpe:2.3:h:nec:express5800\/gt110j:-:::::::*
nec	express5800\/t110j	-	cpe:2.3:h:nec:express5800\/t110j:-:::::::*
nec	express5800\/t110j-s	-	cpe:2.3:h:nec:express5800\/t110j-s:-:::::::*
nec	express5800\/t110j-s_\(2nd-gen\)	-	cpe:2.3:h:nec:express5800\/t110j-s_\(2nd-gen\):-:::::::*
nec	express5800\/t110j_\(2nd-gen\)	-	cpe:2.3:h:nec:express5800\/t110j_\(2nd-gen\):-:::::::*
nec	istorage_ns100ti	-	cpe:2.3:h:nec:istorage_ns100ti:-:::::::*

References

jpn.nec.com/security-info/secinfo/nv21-002.html

jvn.jp/en/jp/JVN38752718/index.html

www.support.nec.co.jp/View.aspx?id=9010108754

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:P/I:P/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.006

Percentile

78.9%

JSON

Related for NVD:CVE-2020-5633

cve1 cvelist1 prion1 jvn1