Global Technical Service E-mail:serversupport@inspur.com Europe Technical Service E-mail:eu@inspur.com
Security Notice - Statement on BMC ASPEED and some other security vulnerabilities
Initial Release Date:2019-07-07 18:11:48
Last Release Date:2019-07-12 19:12:26
Security Notices:

The ASPEED ast2400 and ast2500 Baseband Management Controller (BMC) hardware and firmware implement Advanced High-performance Bus (AHB) bridges, which allow arbitrary read and write access to the BMC's physical address space from the host (or from the network in unusual cases where the BMC console uart is attached to a serial concentrator),so there may be security risks.

Besides, we found that the SNMP of a few products has security risks and may be exploited by attackers in some extreme cases.

Inspur has issued Security Advisory (SA) for these vulnerabilities. Inspur provides product vulnerability solutions through SA.

Inspur Products Affected:

Server

storage

NF5270M5

AS5600G2/G2-F

NF5280M5

AS5800G2/G2-F

NF8260M5/NF8480M5

AS6800G2

NF5180M5

AS5600G5

NF5270M5

AS5800G5

NF5466M5/NF5266M5

HF6000G5

I24-NS5162M5

AS13000G5-M12

SA5112M5(NF5180M5)

AS13000G5-M25

SA5212M5(NF5280M5)

AS13000G5-M36

TS860M5

AS13000G5-M72

I9000-NX5460M5

AS13000-M1

SR-SN5161M5

AS13000-M3

NF5180M5

AS13000-M5

NF8260M5/NF8480M5

AS13000-RACK

I48-NS5482M5/NS5484M5/NS5488M5

AS13000G5-E36

SR-SN5161M5

NF5288M5

NF5468M5

NF5888M5

NF5270M4

NF5280M4

NF8460M4

NF5180M4

NF5240M4

NF5460M4

SA5112M4

SA5212M4

TS860G3

I9000-NX5460M4

SR-SN5160M4

NF5170M4

NF8480M4

Revision History:

2019-07-11 V1.2 UPDATED Increase the link of SA

2019-07-11 V1.1 UPDATED Increase the list of affected products

2019-07-07 V1.0 INITIAL

Inspur Security Procedures:

Inspur is committed to ensuring user safety, working to resolve issues quickly when problems arise, and providing recommendations through security advisories and security notices.

If you have information about a security issue or vulnerability with Inspur products and solutions, please send an e-mail to sec@inspur.com. For details, please visit:

http://en.inspur.com/en/2402164/2458348/index.html

Reference links:

[1]NVDhttps://nvd.nist.gov/vuln/detail/CVE-2019-6260

[2]IBMhttps://www-01.ibm.com/support/docview.wss?uid=ibm10869130

ABOUT US

Inspur Group Core Values Partners News Events

SUPPORT

Download Center Service & Warranty
  • E-Waste Collection Service
  • Security Bulletins
  • WHERE TO BUY

    Where to buy

    CONTACT US

    Contact Us Join Us

    FOLLOW INSPUR

    Facebook Instagram Twitter

    Copyright © 2018 Inspur. All Rights Reserved.

    inspur logo
    • Support:

      1-844-860-0011

    • Sales Inquiries:

      1-800-697-5893