Intel Baseboard Management Controller Firmware vulnerabilities

CVE-2022-29493 [MEDIUM] CWE-755 CVE-2022-29493: Uncaught exception in webserver for the Integrated BMC in some Intel(R) platforms before versions 2. Uncaught exception in webserver for the Integrated BMC in some Intel(R) platforms before versions 2.86, 2.09 and 2.78 may allow a privileged user to potentially enable denial of service via network access.

CVE-2020-24474 [HIGH] CWE-120 CVE-2020-24474: Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modu Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.

CVE-2020-24473 [HIGH] CWE-787 CVE-2020-24473: Out of bounds write in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Out of bounds write in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2020-24475 [MEDIUM] CWE-665 CVE-2020-24475: Improper initialization in the BMC firmware for some Intel(R) Server Boards, Server Systems and Comp Improper initialization in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable denial of service via local access.

CVE-2019-11168 [CRITICAL] CVE-2019-11168: Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an un Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access.

CVE-2019-11171 [CRITICAL] CWE-787 CVE-2019-11171: Heap corruption in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated us Heap corruption in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via network access.

CVE-2019-11178 [HIGH] CWE-120 CVE-2019-11178: Stack overflow in Intel(R) Baseboard Management Controller firmware may allow an authenticated user Stack overflow in Intel(R) Baseboard Management Controller firmware may allow an authenticated user to potentially enable information disclosure and/or denial of service via network access.

CVE-2019-11181 [HIGH] CWE-125 CVE-2019-11181: Out of bound read in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated Out of bound read in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable escalation of privilege via network access.

CVE-2019-11182 [HIGH] CWE-787 CVE-2019-11182: Memory corruption in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated Memory corruption in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access.

CVE-2019-11170 [HIGH] CWE-287 CVE-2019-11170: Authentication bypass in Intel(R) Baseboard Management Controller firmware may allow an unauthentica Authentication bypass in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via local access.

CVE-2019-11180 [HIGH] CWE-20 CVE-2019-11180: Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an unau Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access.

CVE-2019-11177 [HIGH] CWE-755 CVE-2019-11177: Unhandled exception in Intel(R) Baseboard Management Controller firmware may allow an unauthenticate Unhandled exception in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access.

CVE-2019-11173 [HIGH] CVE-2019-11173: Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an un Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via local access.

CVE-2019-11175 [HIGH] CWE-20 CVE-2019-11175: Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an unau Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access.

CVE-2019-11174 [MEDIUM] CVE-2019-11174: Insufficient access control in Intel(R) Baseboard Management Controller firmware may allow an unauth Insufficient access control in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure via network access.

CVE-2019-11179 [MEDIUM] CWE-20 CVE-2019-11179: Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an auth Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an authenticated user to potentially enable information disclosure via network access.

CVE-2019-11172 [MEDIUM] CWE-125 CVE-2019-11172: Out of bound read in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated Out of bound read in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure via network access.