Vulnerabilities > Intel > BMC Firmware > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-02-17 | CVE-2020-12380 | Out-of-bounds Read vulnerability in Intel BMC Firmware 1.06.06 Out of bounds read in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
| 2021-02-17 | CVE-2020-12377 | Improper Input Validation vulnerability in Intel BMC Firmware 1.06.06 Insufficient input validation in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
| 2020-10-29 | CVE-2020-11616 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Intel BMC Firmware 1.06.06/2.47 NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which the Pseudo-Random Number Generator (PRNG) algorithm used in the JSOL package that implements the IPMI protocol is not cryptographically strong, which may lead to information disclosure. | 7.5 |
| 2020-10-29 | CVE-2020-11615 | Use of Hard-coded Credentials vulnerability in Intel BMC Firmware 1.06.06/2.47 NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which it uses a hard-coded RC4 cipher key, which may lead to information disclosure. | 7.5 |
| 2020-10-29 | CVE-2020-11489 | Insecure Default Initialization of Resource vulnerability in Intel BMC Firmware 1.06.06/2.47 NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contain a vulnerability in the AMI BMC firmware in which default SNMP community strings are used, which may lead to information disclosure. | 7.5 |
| 2020-10-29 | CVE-2020-11487 | Use of Hard-coded Credentials vulnerability in Intel BMC Firmware 1.06.06/2.47 NVIDIA DGX servers, DGX-1 with BMC firmware versions prior to 3.38.30. | 7.5 |
| 2020-10-29 | CVE-2020-11485 | Cross-Site Request Forgery (CSRF) vulnerability in Intel BMC Firmware 1.06.06/2.47 NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a Cross-Site Request Forgery (CSRF) vulnerability in the AMI BMC firmware in which the web application does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request, which can lead to information disclosure or code execution. | 8.8 |
| 2018-07-10 | CVE-2018-3682 | Improper Privilege Management vulnerability in Intel BMC Firmware BMC Firmware in Intel server boards, compute modules, and systems potentially allow an attacker with administrative privileges to make unauthorized read\writes to the SMBUS. | 8.2 |