Published:
13 November 2019
Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT Security Bulletin
ASB-2019.0329
INTEL-SA-00313 - Intel BMC Advisory
13 November 2019
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Intel Baseboard Management Controller
Impact/Access: Increased Privileges -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Access Confidential Data -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2019-11182 CVE-2019-11181 CVE-2019-11180
CVE-2019-11179 CVE-2019-11178 CVE-2019-11177
CVE-2019-11175 CVE-2019-11174 CVE-2019-11173
CVE-2019-11172 CVE-2019-11171 CVE-2019-11170
CVE-2019-11168
Member content until: Friday, December 13 2019
OVERVIEW
Intel has discovered vulnerabilities in Intel BMC firmware prior to
to version 2.18. [1]
IMPACT
Intel has provided the folllowing information regarding the
vulnerabilities:
"Intel ID: INTEL-SA-00313
Advisory Category: Firmware
Impact of vulnerability : Escalation of Privilege
Denial of Service
Information Disclosure
Severity rating : CRITICAL
Original release: 11/12/2019
Last revised: 11/12/2019" [1]
"CVEID: CVE-2019-11168
Description: Insufficient session validation in Intel(R) Baseboard
Management Controller firmware may allow an unauthenticated user to
potentially enable information disclosure and/or denial of service
via network access.
CVSS Base Score: 8.1 High
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVEID: CVE-2019-11170
Description: Authentication bypass in Intel(R) Baseboard Management
Controller firmware may allow an unauthenticated user to potentially
enable information disclosure, escalation of privilege and/or denial
of service via local access.
CVSS Base Score: 7.3 High
CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L
CVEID: CVE-2019-11171
Description: Heap corruption in Intel(R) Baseboard Management
Controller firmware may allow an unauthenticated user to potentially
enable information disclosure, escalation of privilege and/or denial
of service via network access.
CVSS Base Score: 9.0 Critical
CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CVEID: CVE-2019-11172
Description: Out of bound read in Intel(R) Baseboard Management
Controller firmware may allow an unauthenticated user to potentially
enable information disclosure via network access.
CVSS Base Score: 5.4 Medium
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
CVEID: CVE-2019-11173
Description: Insufficient session validation in Intel(R) Baseboard
Management Controller firmware may allow an unauthenticated user to
potentially enable information disclosure and/or denial of service
via local access.
CVSS Base Score: 5.7 Medium
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L
CVEID: CVE-2019-11174
Description: Insufficient access control in Intel(R) Baseboard
Management Controller firmware may allow an unauthenticated user to
potentially enable information disclosure via network access.
CVSS Base Score: 5.3 Medium
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVEID: CVE-2019-11175
Description: Insufficient input validation in Intel(R) Baseboard
Management Controller firmware may allow an unauthenticated user to
potentially enable denial of service via network access.
CVSS Base Score: 7.5 High
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVEID: CVE-2019-11177
Description: Unhandled exception in Intel(R) Baseboard Management
Controller firmware may allow an unauthenticated user to potentially
enable denial of service via network access.
CVSS Base Score: 3.7 Low
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CVEID: CVE-2019-11178
Description: Stack overflow in Intel(R) Baseboard Management
Controller firmware may allow an authenticated user to potentially
enable information disclosure and/or denial of service via network
access.
CVSS Base Score: 7.1 High
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
CVEID: CVE-2019-11179
Description: Insufficient input validation in Intel(R) Baseboard
Management Controller firmware may allow an authenticated user to
potentially enable information disclosure via network access.
CVSS Base Score: 6.5 Medium
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVEID: CVE-2019-11180
Description: Insufficient input validation in Intel(R) Baseboard
Management Controller firmware may allow an unauthenticated user to
potentially enable denial of service via network access.
CVSS Base Score: 8.2 High
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
CVEID: CVE-2019-11181
Description: Out of bound read in Intel(R) Baseboard Management
Controller firmware may allow an unauthenticated user to potentially
enable escalation of privilege via network access.
CVSS Base Score: 3.7 Low
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CVEID: CVE-2019-11182
Description: Memory corruption in Intel(R) Baseboard Management
Controller firmware may allow an unauthenticated user to potentially
enable denial of service via network access.
CVSS Base Score: 8.1 High
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" [1]
MITIGATION
Intel recommends:
"...that users of Intel BMC firmware update to version 2.18 or
later." [1]
REFERENCES
[1] INTEL-SA-00313 - Intel BMC Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00313.html
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXcuWDWaOgq3Tt24GAQgDeBAAjKiAAjQZNxdAeR5axPnV1S9aFucljkUz
5JL5dIz3nDtU97BnOjN6OzpmiuFlV2eG/KaeU1WZf5vlqGQhNC9Re3620yGfyKyx
q1etTJcKD0cy/EoBCgygGAbi9clbXKOP0/hA+WtwLNwyKqjDy2b78RrJOuSExsKh
ws4kNX+eMZfEH2c+PgKLpZMvBi268R7Wah1qYy+Fbx83I2xaS+xkXocup/zb1pzC
Nwb0Dl8rAV++kNqY8Yi/CwsaUpu9gkkxFbDEysinIzQWCCpEPHmmxbC1f0YT0dT+
ONizaddGY2MS4a1I2C2350RwW6zT674wKYQYmjg37Ou4MLTdQ3san1bQ98ONc7FE
/OrOsz632Xdp6SYwIF7xMv5wbVHs+Aq8Ai9vOAOm/RLU9gV8Mnz3YwHXPTVx2r6Q
vn/RtmqLOp6rB6pFIq/befW3ndGoj/9rnMAi6g+ZUKs+OIfbRC2OPxxrJiJ8enbo
XxRx1NX+AMt17Mcc7QW+jOF11KpGFpE8hRv7rTeOuWHMn8wzkInpX32cePGMBEZJ
wNN8/0D5N0Zm/jwde2ocjwdNgVRbA/QllY3eO/W35NyqGqHpU6J09dtE/cfo44mK
cg7Q+n0nJo0C1jG5cS7EJEKMH+AO9+JwMRNaJR4hDEZ174Zdff37J9uPNpoBn5qT
Yvh+5KEOOtg=
=uCAz
-----END PGP SIGNATURE-----