7.2
CVE-2020-26122
- EPSS 0.64%
- Published 07.12.2020 16:15:12
- Last modified 21.11.2024 05:19:17
- Source cve@mitre.org
Inspur NF5266M5 through 3.21.2 and other server M5 devices allow remote code execution via administrator privileges. The Baseboard Management Controller (BMC) program of INSPUR servers is weak in checking the firmware and lacks a signature verification mechanism. An attacker who obtains administrator rights can take control of the BMC by inserting malicious code into the firmware program and bypassing the current verification mechanism to upgrade the BMC.
Data provided by the National Vulnerability Database (NVD)
Inspur ≫ Nf8480m5 Firmware Version < 1.19.34
Inspur ≫ Nf8260m5 Firmware Version < 1.19.34
Inspur ≫ Ns5162m5 Firmware Version < 4.5.3
Inspur ≫ Ns5488m5 Firmware Version < 1.19.33
Inspur ≫ Ns5484m5 Firmware Version < 1.19.33
Inspur ≫ Ns5482m5 Firmware Version < 1.19.33
Inspur ≫ Nf5280m5 Firmware Version < 4.26.6
Inspur ≫ Nf5468m5 Firmware Version < 1.18.51
Inspur ≫ Nf5488m5-d Firmware Version < 1.18.51
Inspur ≫ Nf5180m5 Firmware Version < 4.18.2
Inspur ≫ Nf5270m5 Firmware Version < 4.9.1
Inspur ≫ Nf5260m5 Firmware Version < 3.8.0
Inspur ≫ Nf5266m5 Firmware Version < 3.21.3
Inspur ≫ Nf5466m5 Firmware Version < 4.28.0
Inspur ≫ Nf5486m5 Firmware Version < 3.22.0
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.64% | 0.697 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd@nist.gov | 6.5 | 8 | 6.4 | AV:N/AC:L/Au:S/C:P/I:P/A:P |
CWE-347 Improper Verification of Cryptographic Signature
The product does not verify, or incorrectly verifies, the cryptographic signature for data.