Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2600

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-2600
Last Modified 05 Sep 2008 04:44:35
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2600

Summary

The firmware for Intelligent Platform Management Interface (IPMI) 1.5-based Intel Server Boards and Platforms is shipped with an Authentication Type Enables parameter set to an invalid None parameter, which allows remote attackers to obtain sensitive information when LAN management functionality is enabled.

Vulnerable Systems

Application

  • Intel Cli Auto-configuration Utility

  • Intel Client System Setup Utility

  • Intel Server Configuration Wizard

  • Intel Server Control

  • Intel System Setup Utility


References

SECUNIA - 11315

XF - intel-ssu-gain-access(15775)

BID - 10068

OSVDB - 4978

MISC - http://support.intel.com/support/motherboards/server/sb/CS-010422.htm

CONFIRM - ftp://download.intel.com/support/motherboards/server/sb/aa6791invalidlanconfiguration040504.pdf


Last Updated: 27 May 2016 10:39:33