HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2021-39295

CVSS 7.5v3.1pub. 2023-04-15upd. 2025-02-06

In OpenBMC 2.9, crafted IPMI messages allow an attacker to cause a denial of service to the BMC via the netipmid (IPMI lan+) interface.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Openbmc Project Openbmc

    APP
    Openbmc-Project
    2.9.0
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
DoS
CWE
References

Related vulnerabilities

CVE-2021-39296CRITICAL10.0ten sam produkt

In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass authentication and gain full control of the ...

CVE-2022-35729HIGH7.5ten sam produkt

Out of bounds read in firmware for OpenBMC in some Intel(R) platforms before version 0.72 may allow unauthenti...

CVE-2022-2809HIGH8.2ten sam produkt

A vulnerability in bmcweb of OpenBMC Project allows user to cause denial of service. When fuzzing the multipar...

CVE-2022-3409HIGH8.2ten sam produkt

A vulnerability in bmcweb of OpenBMC Project allows user to cause denial of service. This vulnerability was id...

CVE-2020-14156HIGH8.8ten sam produkt

user_channel/passwd_mgr.cpp in OpenBMC phosphor-host-ipmid before 2020-04-03 does not ensure that /etc/ipmi-pa...