CVE-2019-6161 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2019-6161?

CVE-2019-6161 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-6161?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Cp Storage Block Firmware, Lenovo Cp Storage Block.

Vulnerability Description

An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. This vulnerability allows session IDs to be reused, which could provide unauthorized access to the BMC under certain circumstances. This vulnerability does not affect ThinkSystem XCC, System x IMM2, or other BMCs.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Lenovo	Cp Storage Block Firmware	< 1908.m
Lenovo	Cp Storage Block	-

Related Weaknesses (CWE)

CWE-384

References

https://support.lenovo.com/solutions/LEN-26957Vendor Advisory
https://support.lenovo.com/solutions/LEN-26957Vendor Advisory

FAQ

What is CVE-2019-6161?

CVE-2019-6161 is a vulnerability with a CVSS score of 7.5 (HIGH). An internal product security audit discovered a session handling vulnerability in the web interface of ThinkAgile CP-SB (Storage Block) BMC in firmware versions prior to 1908.M. This vulnerability all...

How severe is CVE-2019-6161?

CVE-2019-6161 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-6161?

Check the references section above for vendor advisories and patch information. Affected products include: Lenovo Cp Storage Block Firmware, Lenovo Cp Storage Block.