Published:
13 November 2019
Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2019.0329 INTEL-SA-00313 - Intel BMC Advisory 13 November 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Intel Baseboard Management Controller Impact/Access: Increased Privileges -- Remote/Unauthenticated Denial of Service -- Remote/Unauthenticated Access Confidential Data -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2019-11182 CVE-2019-11181 CVE-2019-11180 CVE-2019-11179 CVE-2019-11178 CVE-2019-11177 CVE-2019-11175 CVE-2019-11174 CVE-2019-11173 CVE-2019-11172 CVE-2019-11171 CVE-2019-11170 CVE-2019-11168 Member content until: Friday, December 13 2019 OVERVIEW Intel has discovered vulnerabilities in Intel BMC firmware prior to to version 2.18. [1] IMPACT Intel has provided the folllowing information regarding the vulnerabilities: "Intel ID: INTEL-SA-00313 Advisory Category: Firmware Impact of vulnerability : Escalation of Privilege Denial of Service Information Disclosure Severity rating : CRITICAL Original release: 11/12/2019 Last revised: 11/12/2019" [1] "CVEID: CVE-2019-11168 Description: Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access. CVSS Base Score: 8.1 High CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVEID: CVE-2019-11170 Description: Authentication bypass in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via local access. CVSS Base Score: 7.3 High CVSS Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L CVEID: CVE-2019-11171 Description: Heap corruption in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via network access. CVSS Base Score: 9.0 Critical CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVEID: CVE-2019-11172 Description: Out of bound read in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure via network access. CVSS Base Score: 5.4 Medium CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVEID: CVE-2019-11173 Description: Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via local access. CVSS Base Score: 5.7 Medium CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L CVEID: CVE-2019-11174 Description: Insufficient access control in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure via network access. CVSS Base Score: 5.3 Medium CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVEID: CVE-2019-11175 Description: Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. CVSS Base Score: 7.5 High CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVEID: CVE-2019-11177 Description: Unhandled exception in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. CVSS Base Score: 3.7 Low CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVEID: CVE-2019-11178 Description: Stack overflow in Intel(R) Baseboard Management Controller firmware may allow an authenticated user to potentially enable information disclosure and/or denial of service via network access. CVSS Base Score: 7.1 High CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L CVEID: CVE-2019-11179 Description: Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an authenticated user to potentially enable information disclosure via network access. CVSS Base Score: 6.5 Medium CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVEID: CVE-2019-11180 Description: Insufficient input validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. CVSS Base Score: 8.2 High CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H CVEID: CVE-2019-11181 Description: Out of bound read in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable escalation of privilege via network access. CVSS Base Score: 3.7 Low CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVEID: CVE-2019-11182 Description: Memory corruption in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable denial of service via network access. CVSS Base Score: 8.1 High CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" [1] MITIGATION Intel recommends: "...that users of Intel BMC firmware update to version 2.18 or later." [1] REFERENCES [1] INTEL-SA-00313 - Intel BMC Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00313.html AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXcuWDWaOgq3Tt24GAQgDeBAAjKiAAjQZNxdAeR5axPnV1S9aFucljkUz 5JL5dIz3nDtU97BnOjN6OzpmiuFlV2eG/KaeU1WZf5vlqGQhNC9Re3620yGfyKyx q1etTJcKD0cy/EoBCgygGAbi9clbXKOP0/hA+WtwLNwyKqjDy2b78RrJOuSExsKh ws4kNX+eMZfEH2c+PgKLpZMvBi268R7Wah1qYy+Fbx83I2xaS+xkXocup/zb1pzC Nwb0Dl8rAV++kNqY8Yi/CwsaUpu9gkkxFbDEysinIzQWCCpEPHmmxbC1f0YT0dT+ ONizaddGY2MS4a1I2C2350RwW6zT674wKYQYmjg37Ou4MLTdQ3san1bQ98ONc7FE /OrOsz632Xdp6SYwIF7xMv5wbVHs+Aq8Ai9vOAOm/RLU9gV8Mnz3YwHXPTVx2r6Q vn/RtmqLOp6rB6pFIq/befW3ndGoj/9rnMAi6g+ZUKs+OIfbRC2OPxxrJiJ8enbo XxRx1NX+AMt17Mcc7QW+jOF11KpGFpE8hRv7rTeOuWHMn8wzkInpX32cePGMBEZJ wNN8/0D5N0Zm/jwde2ocjwdNgVRbA/QllY3eO/W35NyqGqHpU6J09dtE/cfo44mK cg7Q+n0nJo0C1jG5cS7EJEKMH+AO9+JwMRNaJR4hDEZ174Zdff37J9uPNpoBn5qT Yvh+5KEOOtg= =uCAz -----END PGP SIGNATURE-----