CVE-2019-11173Session Fixation in Intel Baseboard Management Controller Firmware

CWE-384Session Fixation4 documents4 sources
Severity
7.1HIGHNVD
EPSS
0.2%
top 52.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Intel Baseboard Management Controller FirmwarePaloalto Pan-os
Timeline
PublishedNov 14
Latest updateMay 24

Description

Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via local access.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

Palo Altopaloalto/pan-os

🔴Vulnerability Details

2
GHSA
GHSA-vpfp-j2cp-7jr8: Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable informati2022-05-24
CVEList
CVE-2019-11173: Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable informati2019-11-14

📋Vendor Advisories

1
Palo Alto
PAN2020-04-08
CVE-2019-11173 — Session Fixation in Intel | cvebase