CVE-2019-11179

EPSS 0.41%
Published 14.11.2019 17:15:14
Last modified 21.11.2024 04:20:40
Source secure@intel.com
Teams watchlist Login
Open Login

Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an authenticated user to potentially enable information disclosure via network access.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Intel ≫ Baseboard Management Controller Firmware Version < 2.18

   Intel ≫ Bbs2600bpb Version-
   Intel ≫ Bbs2600bpbr Version-
   Intel ≫ Bbs2600bpq Version-
   Intel ≫ Bbs2600bpqr Version-
   Intel ≫ Bbs2600bps Version-
   Intel ≫ Bbs2600bpsr Version-
   Intel ≫ Bbs2600stb Version-
   Intel ≫ Bbs2600stbr Version-
   Intel ≫ Bbs2600stq Version-
   Intel ≫ Bbs2600stqr Version-
   Intel ≫ Hns2600bpb Version-
   Intel ≫ Hns2600bpb24 Version-
   Intel ≫ Hns2600bpb24r Version-
   Intel ≫ Hns2600bpb24rx Version-
   Intel ≫ Hns2600bpblc Version-
   Intel ≫ Hns2600bpblc24 Version-
   Intel ≫ Hns2600bpblc24r Version-
   Intel ≫ Hns2600bpblcr Version-
   Intel ≫ Hns2600bpbr Version-
   Intel ≫ Hns2600bpbrx Version-
   Intel ≫ Hns2600bpq Version-
   Intel ≫ Hns2600bpq24 Version-
   Intel ≫ Hns2600bpq24r Version-
   Intel ≫ Hns2600bpqr Version-
   Intel ≫ Hns2600bps Version-
   Intel ≫ Hns2600bps24 Version-
   Intel ≫ Hns2600bps24r Version-
   Intel ≫ Hns2600bpsr Version-
   Intel ≫ Hpchns2600bpbr Version-
   Intel ≫ Hpchns2600bpqr Version-
   Intel ≫ Hpchns2600bpsr Version-
   Intel ≫ Hpcr1208wfqysr Version-
   Intel ≫ Hpcr1208wftysr Version-
   Intel ≫ Hpcr1304wf0ysr Version-
   Intel ≫ Hpcr1304wftysr Version-
   Intel ≫ Hpcr2208wf0zsr Version-
   Intel ≫ Hpcr2208wfqzsr Version-
   Intel ≫ Hpcr2208wftzsr Version-
   Intel ≫ Hpcr2208wftzsrx Version-
   Intel ≫ Hpcr2224wftzsr Version-
   Intel ≫ Hpcr2308wftzsr Version-
   Intel ≫ Hpcr2312wf0npr Version-
   Intel ≫ Hpcr2312wftzsr Version-
   Intel ≫ R1208wfqysr Version-
   Intel ≫ R1208wftys Version-
   Intel ≫ R1208wftysr Version-
   Intel ≫ R1304wf0ys Version-
   Intel ≫ R1304wf0ysr Version-
   Intel ≫ R1304wftys Version-
   Intel ≫ R1304wftysr Version-
   Intel ≫ R2208wf0zs Version-
   Intel ≫ R2208wf0zsr Version-
   Intel ≫ R2208wfqzs Version-
   Intel ≫ R2208wfqzsr Version-
   Intel ≫ R2208wftzs Version-
   Intel ≫ R2208wftzsr Version-
   Intel ≫ R2208wftzsrx Version-
   Intel ≫ R2224wfqzs Version-
   Intel ≫ R2224wftzs Version-
   Intel ≫ R2224wftzsr Version-
   Intel ≫ R2308wftzs Version-
   Intel ≫ R2308wftzsr Version-
   Intel ≫ R2312wf0np Version-
   Intel ≫ R2312wf0npr Version-
   Intel ≫ R2312wfqzs Version-
   Intel ≫ R2312wftzs Version-
   Intel ≫ R2312wftzsr Version-
   Intel ≫ S2600stb Version-
   Intel ≫ S2600stbr Version-
   Intel ≫ S2600stq Version-
   Intel ≫ S2600stqr Version-
   Intel ≫ S2600wf0 Version-
   Intel ≫ S2600wf0r Version-
   Intel ≫ S2600wfq Version-
   Intel ≫ S2600wfqr Version-
   Intel ≫ S2600wft Version-
   Intel ≫ S2600wftr Version-
   Intel ≫ S9232wk1hlc Version-
   Intel ≫ S9232wk2hac Version-
   Intel ≫ S9232wk2hlc Version-
   Intel ≫ S9248wk1hlc Version-
   Intel ≫ S9248wk2hac Version-
   Intel ≫ S9248wk2hlc Version-
   Intel ≫ S9256wk1hlc Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.41%	0.581

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00313.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-11179

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-11179

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-11179

EUVD