CVE-2020-5633 — CRITICAL (9.8)

Q: How severe is CVE-2020-5633?

CVE-2020-5633 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2020-5633?

Check the references section above for vendor advisories and patch information. Affected products include: Nec Baseboard Management Controller, Nec Express5800\/Gt110J, Nec Express5800\/T110J, Nec Express5800\/T110J-S, Nec Express5800\/T110J-S \(2Nd-Gen\).

Vulnerability Description

Multiple NEC products (Express5800/T110j, Express5800/T110j-S, Express5800/T110j (2nd-Gen), Express5800/T110j-S (2nd-Gen), iStorage NS100Ti, and Express5800/GT110j) where Baseboard Management Controller (BMC) firmware Rev1.09 and earlier is applied allows remote attackers to bypass authentication and then obtain/modify BMC setting information, obtain monitoring information, or reboot/shut down the vulnerable product via unspecified vectors.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Nec	Baseboard Management Controller	<= 1.09
Nec	Express5800\/Gt110J	-
Nec	Express5800\/T110J	-
Nec	Express5800\/T110J-S	-
Nec	Express5800\/T110J-S \(2Nd-Gen\)	-
Nec	Express5800\/T110J \(2Nd-Gen\)	-
Nec	Istorage Ns100Ti	-

Related Weaknesses (CWE)

CWE-287

References

https://jpn.nec.com/security-info/secinfo/nv21-002.htmlVendor Advisory
https://jvn.jp/en/jp/JVN38752718/index.htmlThird Party Advisory
https://www.support.nec.co.jp/View.aspx?id=9010108754Vendor Advisory
https://jpn.nec.com/security-info/secinfo/nv21-002.htmlVendor Advisory
https://jvn.jp/en/jp/JVN38752718/index.htmlThird Party Advisory
https://www.support.nec.co.jp/View.aspx?id=9010108754Vendor Advisory

FAQ

What is CVE-2020-5633?

CVE-2020-5633 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Multiple NEC products (Express5800/T110j, Express5800/T110j-S, Express5800/T110j (2nd-Gen), Express5800/T110j-S (2nd-Gen), iStorage NS100Ti, and Express5800/GT110j) where Baseboard Management Controll...

How severe is CVE-2020-5633?

CVE-2020-5633 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-5633?

Check the references section above for vendor advisories and patch information. Affected products include: Nec Baseboard Management Controller, Nec Express5800\/Gt110J, Nec Express5800\/T110J, Nec Express5800\/T110J-S, Nec Express5800\/T110J-S \(2Nd-Gen\).