CVE-2004-2600

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2004-2600
The firmware for Intelligent Platform Management Interface (IPMI) 1.5-based Intel Server Boards and Platforms is shipped with an Authentication Type Enables parameter set to an invalid None parameter, which allows remote attackers to obtain sensitive information when LAN management functionality is enabled.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
ftp://download.intel.com/support/motherboards/server/sb/aa6791invalidlanconfiguration040504.pdf Vendor Advisory
http://secunia.com/advisories/11315 Patch Vendor Advisory
http://support.intel.com/support/motherboards/server/sb/CS-010422.htm
http://www.osvdb.org/4978
http://www.securityfocus.com/bid/10068
https://exchange.xforce.ibmcloud.com/vulnerabilities/15775
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:intel:cli_auto-configuration_utility:*:*:*:*:*:*:*:*
cpe:2.3:a:intel:client_system_setup_utility:*:*:*:*:*:*:*:*
cpe:2.3:a:intel:server_configuration_wizard:*:*:*:*:*:*:*:*
cpe:2.3:a:intel:server_control:*:*:*:*:*:*:*:*
cpe:2.3:a:intel:system_setup_utility:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:carrier_grade_server_tigpr2u:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:carrier_grade_server_tsrlt2:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:carrier_grade_server_tsrmt2:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:h:hp:carrier_grade_server_cc2300:a6898a:*:*:*:*:*:*:*
cpe:2.3:h:hp:carrier_grade_server_cc2300:a6899a:*:*:*:*:*:*:*
cpe:2.3:h:hp:carrier_grade_server_cc3300:a6900a:*:*:*:*:*:*:*
cpe:2.3:h:hp:carrier_grade_server_cc3300:a6901a:*:*:*:*:*:*:*
cpe:2.3:h:hp:carrier_grade_server_cc3310:a9862a:*:*:*:*:*:*:*
cpe:2.3:h:hp:carrier_grade_server_cc3310:a9863a:*:*:*:*:*:*:*
cpe:2.3:h:intel:entry_server_board_se7210tp1-e:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:entry_server_platform_sr1325tp1-e:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:server_board_scb2:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:server_board_sds2:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:server_board_se7500wv2:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:server_board_se7501hg2:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:server_board_shg2:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:server_platform_spsh4:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:server_platform_sr870bh2:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:server_platform_sr870bn4:*:*:*:*:*:*:*:*
cpe:2.3:h:intel:server_platform_srsh4:*:*:*:*:*:*:*:*
History

No history.

Information

Published : 2004-12-31 05:00

Updated : 2017-07-11 01:32

NVD link : CVE-2004-2600

Mitre link : CVE-2004-2600

CVE.ORG link : CVE-2004-2600

JSON object : View

Products Affected

intel

  • server_configuration_wizard
  • server_platform_sr870bh2
  • server_platform_srsh4
  • carrier_grade_server_tigpr2u
  • system_setup_utility
  • server_platform_sr870bn4
  • server_board_scb2
  • entry_server_platform_sr1325tp1-e
  • cli_auto-configuration_utility
  • carrier_grade_server_tsrmt2
  • server_platform_spsh4
  • carrier_grade_server_tsrlt2
  • server_control
  • server_board_se7500wv2
  • server_board_sds2
  • entry_server_board_se7210tp1-e
  • client_system_setup_utility
  • server_board_se7501hg2
  • server_board_shg2

hp

  • carrier_grade_server_cc3310
  • carrier_grade_server_cc3300
  • carrier_grade_server_cc2300
CWE
NVD-CWE-Other