Vulnerability Description
user_channel/passwd_mgr.cpp in OpenBMC phosphor-host-ipmid before 2020-04-03 does not ensure that /etc/ipmi-pass has strong file permissions.
CVSS Score
8.8
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openbmc-Project | Openbmc | < 2020-04-03 |
Related Weaknesses (CWE)
References
- https://github.com/openbmc/openbmc/issues/3670Third Party Advisory
- https://github.com/openbmc/phosphor-host-ipmid/commit/b265455a2518ece7c004b43c14PatchThird Party Advisory
- https://lists.ozlabs.org/pipermail/openbmc/2020-June/022020.htmlMailing ListThird Party Advisory
- https://github.com/openbmc/openbmc/issues/3670Third Party Advisory
- https://github.com/openbmc/phosphor-host-ipmid/commit/b265455a2518ece7c004b43c14PatchThird Party Advisory
- https://lists.ozlabs.org/pipermail/openbmc/2020-June/022020.htmlMailing ListThird Party Advisory
FAQ
What is CVE-2020-14156?
CVE-2020-14156 is a vulnerability with a CVSS score of 8.8 (HIGH). user_channel/passwd_mgr.cpp in OpenBMC phosphor-host-ipmid before 2020-04-03 does not ensure that /etc/ipmi-pass has strong file permissions.
How severe is CVE-2020-14156?
CVE-2020-14156 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-14156?
Check the references section above for vendor advisories and patch information. Affected products include: Openbmc-Project Openbmc.