Vulnerabilities > CVE-2019-11181 - Out-of-bounds Read vulnerability in Intel Baseboard Management Controller Firmware

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

intel

CWE-125

NVD

Published: 2019-11-14

Updated: 2019-11-19

Summary

Out of bound read in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable escalation of privilege via network access.

Vulnerable Configurations

Part	Description	Count
OS	Intel Intel Baseboard Management Controller Firmware *	1
Hardware	Intel Intel Bbs2600Bpb - Intel Bbs2600Bpbr - Intel Bbs2600Bpq - Intel Bbs2600Bpqr - Intel Bbs2600Bps - Intel Bbs2600Bpsr - Intel Bbs2600Stb - Intel Bbs2600Stbr - Intel Bbs2600Stq - Intel Bbs2600Stqr - Intel Hns2600Bpb - Intel Hns2600Bpb24 - Intel Hns2600Bpb24R - Intel Hns2600Bpb24Rx - Intel Hns2600Bpblc - Intel Hns2600Bpblc24 - Intel Hns2600Bpblc24R - Intel Hns2600Bpblcr - Intel Hns2600Bpbr - Intel Hns2600Bpbrx - Intel Hns2600Bpq - Intel Hns2600Bpq24 - Intel Hns2600Bpq24R - Intel Hns2600Bpqr - Intel Hns2600Bps - Intel Hns2600Bps24 - Intel Hns2600Bps24R - Intel Hns2600Bpsr - Intel Hpchns2600Bpbr - Intel Hpchns2600Bpqr - Intel Hpchns2600Bpsr - Intel Hpcr1208Wfqysr - Intel Hpcr1208Wftysr - Intel Hpcr1304Wf0Ysr - Intel Hpcr1304Wftysr - Intel Hpcr2208Wf0Zsr - Intel Hpcr2208Wfqzsr - Intel Hpcr2208Wftzsr - Intel Hpcr2208Wftzsrx - Intel Hpcr2224Wftzsr - Intel Hpcr2308Wftzsr - Intel Hpcr2312Wf0Npr - Intel Hpcr2312Wftzsr - Intel R1208Wfqysr - Intel R1208Wftys - Intel R1208Wftysr - Intel R1304Wf0Ys - Intel R1304Wf0Ysr - Intel R1304Wftys - Intel R1304Wftysr - Intel R2208Wf0Zs - Intel R2208Wf0Zsr - Intel R2208Wfqzs - Intel R2208Wfqzsr - Intel R2208Wftzs - Intel R2208Wftzsr - Intel R2208Wftzsrx - Intel R2224Wfqzs - Intel R2224Wftzs - Intel R2224Wftzsr - Intel R2308Wftzs - Intel R2308Wftzsr - Intel R2312Wf0Np - Intel R2312Wf0Npr - Intel R2312Wfqzs - Intel R2312Wftzs - Intel R2312Wftzsr - Intel S2600Stb - Intel S2600Stbr - Intel S2600Stq - Intel S2600Stqr - Intel S2600Wf0 - Intel S2600Wf0R - Intel S2600Wfq - Intel S2600Wfqr - Intel S2600Wft - Intel S2600Wftr - Intel S9232Wk1Hlc - Intel S9232Wk2Hac - Intel S9232Wk2Hlc - Intel S9248Wk1Hlc - Intel S9248Wk2Hac - Intel S9248Wk2Hlc - Intel S9256Wk1Hlc -	84

Common Weakness Enumeration (CWE)

CWE-125 - Out-of-bounds Read

Common Attack Pattern Enumeration and Classification (CAPEC)

Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

References

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00313.html