QwikSec

Security Database

CVE

CWE

Training

CVE-2020-5208

Published: Feb 5, 2020

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.1

7.7

HIGH

Description

It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19.

Vendor	Product	Versions
ipmitool	ipmitool	affected `unspecified - < < 1.8.19`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

References

https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp

x_refsource_CONFIRM

https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2

x_refsource_MISC

[debian-lts-announce] 20200209 [SECURITY] [DLA 2098-1] ipmitool security update

mailing-list

x_refsource_MLIST

FEDORA-2020-92cc67ff5a

vendor-advisory

x_refsource_FEDORA

FEDORA-2020-eb0cf4d268

vendor-advisory

x_refsource_FEDORA

openSUSE-SU-2020:0247

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_GENTOO

[debian-lts-announce] 20210630 [SECURITY] [DLA 2699-1] ipmitool security update

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.