Vulnerabilities > Intel > BMC Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-19 | CVE-2020-12374 | Classic Buffer Overflow vulnerability in Intel BMC Firmware 1.06.06 Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
| 2021-02-17 | CVE-2020-12380 | Out-of-bounds Read vulnerability in Intel BMC Firmware 1.06.06 Out of bounds read in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
| 2021-02-17 | CVE-2020-12377 | Improper Input Validation vulnerability in Intel BMC Firmware 1.06.06 Insufficient input validation in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
| 2021-02-17 | CVE-2020-12376 | Use of Hard-coded Credentials vulnerability in Intel BMC Firmware 1.06.06 Use of hard-coded key in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow authenticated user to potentially enable information disclosure via local access. | 5.5 |
| 2021-02-17 | CVE-2020-12375 | Out-of-bounds Write vulnerability in Intel BMC Firmware 1.06.06 Heap overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access. | 6.7 |
| 2021-02-17 | CVE-2020-12373 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel BMC Firmware 1.06.06 Expired pointer dereference in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access. | 6.7 |
| 2020-10-29 | CVE-2020-11616 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Intel BMC Firmware 1.06.06/2.47 NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which the Pseudo-Random Number Generator (PRNG) algorithm used in the JSOL package that implements the IPMI protocol is not cryptographically strong, which may lead to information disclosure. | 7.5 |
| 2020-10-29 | CVE-2020-11615 | Use of Hard-coded Credentials vulnerability in Intel BMC Firmware 1.06.06/2.47 NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which it uses a hard-coded RC4 cipher key, which may lead to information disclosure. | 7.5 |
| 2020-10-29 | CVE-2020-11489 | Insecure Default Initialization of Resource vulnerability in Intel BMC Firmware 1.06.06/2.47 NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contain a vulnerability in the AMI BMC firmware in which default SNMP community strings are used, which may lead to information disclosure. | 7.5 |
| 2020-10-29 | CVE-2020-11488 | Improper Verification of Cryptographic Signature vulnerability in Intel BMC Firmware 1.06.06/2.47 NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contains a vulnerability in the AMI BMC firmware in which software does not validate the RSA 1024 public key used to verify the firmware signature, which may lead to information disclosure or code execution. | 6.7 |