Vulnerability Description
The firmware for Intelligent Platform Management Interface (IPMI) 1.5-based Intel Server Boards and Platforms is shipped with an Authentication Type Enables parameter set to an invalid None parameter, which allows remote attackers to obtain sensitive information when LAN management functionality is enabled.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Intel | Cli Auto-Configuration Utility | All versions |
| Intel | Client System Setup Utility | All versions |
| Intel | Server Configuration Wizard | All versions |
| Intel | Server Control | All versions |
| Intel | System Setup Utility | All versions |
| Intel | Carrier Grade Server Tigpr2U | All versions |
| Intel | Carrier Grade Server Tsrlt2 | All versions |
| Intel | Carrier Grade Server Tsrmt2 | All versions |
| Hp | Carrier Grade Server Cc2300 | a6898a |
| Hp | Carrier Grade Server Cc3300 | a6900a |
| Hp | Carrier Grade Server Cc3310 | a9862a |
| Intel | Entry Server Board Se7210Tp1-E | All versions |
| Intel | Entry Server Platform Sr1325Tp1-E | All versions |
| Intel | Server Board Scb2 | All versions |
| Intel | Server Board Sds2 | All versions |
| Intel | Server Board Se7500Wv2 | All versions |
| Intel | Server Board Se7501Hg2 | All versions |
| Intel | Server Board Shg2 | All versions |
| Intel | Server Platform Spsh4 | All versions |
| Intel | Server Platform Sr870Bh2 | All versions |
References
- ftp://download.intel.com/support/motherboards/server/sb/aa6791invalidlanconfigurVendor Advisory
- http://secunia.com/advisories/11315PatchVendor Advisory
- http://support.intel.com/support/motherboards/server/sb/CS-010422.htm
- http://www.osvdb.org/4978
- http://www.securityfocus.com/bid/10068
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15775
- ftp://download.intel.com/support/motherboards/server/sb/aa6791invalidlanconfigurVendor Advisory
- http://secunia.com/advisories/11315PatchVendor Advisory
- http://support.intel.com/support/motherboards/server/sb/CS-010422.htm
- http://www.osvdb.org/4978
- http://www.securityfocus.com/bid/10068
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15775
FAQ
What is CVE-2004-2600?
CVE-2004-2600 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The firmware for Intelligent Platform Management Interface (IPMI) 1.5-based Intel Server Boards and Platforms is shipped with an Authentication Type Enables parameter set to an invalid None parameter,...
How severe is CVE-2004-2600?
CVE-2004-2600 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2600?
Check the references section above for vendor advisories and patch information. Affected products include: Intel Cli Auto-Configuration Utility, Intel Client System Setup Utility, Intel Server Configuration Wizard, Intel Server Control, Intel System Setup Utility.