Global Technical Service E-mail: serversupport@inspur.com
Europe Technical Service E-mail: eu@inspur.com
Security Advisory - BMC ASPEED and some other security vulnerabilities
SA No: INSPUR-SA-201907-001
Initial Release Date: 2019-07-11 18:18:53
Last Release Date: 2019-08-21 15:41:55
Summary:

The ASPEED ast2400 and ast2500 Baseboard Management Controller (BMC) hardware and firmware implement Advanced High-performance Bus (AHB) bridges, which allow arbitrary read and write access to the BMC's physical address space from the host (or from the network in unusual cases where the BMC console UART is attached to a serial concentrator), so there may be security risks.
In addition, we found that SNMP on a few products has security risks and may be exploited by attackers in some extreme cases.
The affected products and the corresponding update versions are shown in the table below.

Fixed Product Version:
Product    BMC Update Version                       Download link
NF5180M5   NF5180M5_BMC_4.15.3_Standard_20190709    Download
NF5280M5   NF5280M5_BMC_4.25.2_Standard_20190709    Download
NF5266M5   NF5266M5_BMC_3.16.0_Standard_20190725    Download
NF5270M5   NF5270M5_BMC_4.7.1_Standard_20190727     Download
SA5112M5   SA5112M5_BMC_4.15.3_Standard_20190709    Download
SA5212M5   SA5212M5_BMC_4.25.2_Standard_20190709    Download
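
An added example, not part of Inspur's advisory: a Python check that compares an inventory of installed BMC firmware versions against the fixed versions listed in the table above, comparing version components numerically per product. The inventory records, the host and model placeholders, and the dotted version format reported by the BMC are assumptions, as is the premise that releases numbered at or above the fixed version keep the fix.

```python
import re

# Fixed BMC image names, copied from the advisory's "Fixed Product Version" table.
FIXED_IMAGES = [
    "NF5180M5_BMC_4.15.3_Standard_20190709",
    "NF5280M5_BMC_4.25.2_Standard_20190709",
    "NF5266M5_BMC_3.16.0_Standard_20190725",
    "NF5270M5_BMC_4.7.1_Standard_20190727",
    "SA5112M5_BMC_4.15.3_Standard_20190709",
    "SA5212M5_BMC_4.25.2_Standard_20190709",
]
IMAGE_RE = re.compile(r"^(?P<model>[A-Z0-9]+)_BMC_(?P<ver>\d+(?:\.\d+)*)_Standard_\d{8}$")

def parse_version(text):
    """Turn '4.15.3' into (4, 15, 3); string comparison would rank 4.7.1 above 4.15.3."""
    return tuple(int(part) for part in text.strip().split("."))

def fixed_versions(images=FIXED_IMAGES):
    """Map product model -> fixed BMC version tuple from the advisory table."""
    table = {}
    for name in images:
        m = IMAGE_RE.match(name)
        if not m:
            raise ValueError(f"unrecognised image name: {name}")
        table[m["model"]] = parse_version(m["ver"])
    return table

def classify(model, installed, table=None):
    """Return 'fixed', 'update-required', 'not-listed' or 'unparsable'."""
    table = fixed_versions() if table is None else table
    if model not in table:
        return "not-listed"  # the advisory makes no statement about this model
    try:
        current = parse_version(installed)
    except ValueError:
        return "unparsable"
    # Assumption: releases numbered at or above the fixed version keep the fix.
    return "fixed" if current >= table[model] else "update-required"

# Constructed inventory: hostnames, versions and EXAMPLE-X1 are made up.
INVENTORY = [
    ("rack1-n01", "NF5180M5", "4.15.3"),
    ("rack1-n02", "NF5270M5", "4.10.0"),
    ("rack2-n01", "NF5266M5", "3.9.2"),
    ("rack2-n02", "EXAMPLE-X1", "4.2.0"),
]
if __name__ == "__main__":
    for host, model, ver in INVENTORY:
        print(f"{host:10} {model:11} {ver:8} {classify(model, ver)}")
```
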

Impact:

Allows attackers to use the host to access BMC memory and flash without authentication.

Vulnerability Scoring Details:

CVE-2019-6260:
CVSS Base Score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS Temporal Score: 8.8 (E:P/RL:O/RC:C)

Technical Details:

Features of the Baseboard Management Controller (BMC) hardware potentially left it open to unauthenticated compromise from the host and from the BMC console. This could allow the host full access to BMC memory and flash, violating the principle that the BMC and the host are in separate trust domains.

Obtaining Fixed Software:

none

Temporary Fix:

none

Source:

Common Vulnerabilities and Exposures

Revision History:

20190711-V1.0-Initial Release

FAQs:

none

Inspur Security Procedures:

Inspur is committed to ensuring user safety, working to resolve issues quickly when problems arise, and providing recommendations through security advisories and security notices.
If you have information about a security issue or vulnerability with Inspur products and solutions, please send an e-mail to sec@inspur.com. For details, please visit:
http://en.inspur.com/en/2402164/2458348/index.html
If you require technical support, please visit:
http://en.inspur.com/eportal/ui?pageId=2403545
