Details of VAR-200412-0782

ID

VAR-200412-0782

CVE

CVE-2004-2600

TITLE

Intel LAN Management Server Configuration Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200412-549

DESCRIPTION

The firmware for Intelligent Platform Management Interface (IPMI) 1.5-based Intel Server Boards and Platforms is shipped with an Authentication Type Enables parameter set to an invalid None parameter, which allows remote attackers to obtain sensitive information when LAN management functionality is enabled. It has been reported that the LAN management server setup utilities are prone to a remote configuration vulnerability. This issue is due to a design error that leaves the system insecure after remote management occurs. This issue may allow an attacker to gain unauthorized access to certain utilities on the affected system

Trust: 1.26

sources: NVD: CVE-2004-2600 // BID: 10068 // VULHUB: VHN-11028

AFFECTED PRODUCTS

vendor:	intel	model:	cli auto-configuration utility	scope:	eq	version:	*	Trust: 1.0
vendor:	intel	model:	server board scb2	scope:	eq	version:	*	Trust: 1.0
vendor:	intel	model:	server platform spsh4	scope:	eq	version:	*	Trust: 1.0
vendor:	intel	model:	server platform srsh4	scope:	eq	version:	*	Trust: 1.0
vendor:	intel	model:	server platform sr870bh2	scope:	eq	version:	*	Trust: 1.0
vendor:	intel	model:	entry server platform sr1325tp1-e	scope:	eq	version:	*	Trust: 1.0
vendor:	intel	model:	carrier grade server tigpr2u	scope:	eq	version:	*	Trust: 1.0
vendor:	intel	model:	system setup utility	scope:	eq	version:	*	Trust: 1.0
vendor:	intel	model:	server board sds2	scope:	eq	version:	*	Trust: 1.0
vendor:	intel	model:	entry server board se7210tp1-e	scope:	eq	version:	*	Trust: 1.0
vendor:	intel	model:	carrier grade server tsrmt2	scope:	eq	version:	*	Trust: 1.0
vendor:	intel	model:	server configuration wizard	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	carrier grade server cc3310	scope:	eq	version:	a9863a	Trust: 1.0
vendor:	hp	model:	carrier grade server cc2300	scope:	eq	version:	a6898a	Trust: 1.0
vendor:	intel	model:	server platform sr870bn4	scope:	eq	version:	*	Trust: 1.0
vendor:	intel	model:	server control	scope:	eq	version:	*	Trust: 1.0
vendor:	intel	model:	server board shg2	scope:	eq	version:	*	Trust: 1.0
vendor:	intel	model:	carrier grade server tsrlt2	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	carrier grade server cc3310	scope:	eq	version:	a9862a	Trust: 1.0
vendor:	hp	model:	carrier grade server cc3300	scope:	eq	version:	a6900a	Trust: 1.0
vendor:	intel	model:	server board se7501hg2	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	carrier grade server cc3300	scope:	eq	version:	a6901a	Trust: 1.0
vendor:	intel	model:	server board se7500wv2	scope:	eq	version:	*	Trust: 1.0
vendor:	hp	model:	carrier grade server cc2300	scope:	eq	version:	a6899a	Trust: 1.0
vendor:	intel	model:	client system setup utility	scope:	eq	version:	*	Trust: 1.0
vendor:	intel	model:	server platform srsh4	scope:	-	version:	-	Trust: 0.9
vendor:	intel	model:	server platform sr870bn4	scope:	-	version:	-	Trust: 0.9
vendor:	intel	model:	server platform sr870bh2	scope:	-	version:	-	Trust: 0.9
vendor:	intel	model:	server platform spsh4	scope:	-	version:	-	Trust: 0.9
vendor:	intel	model:	server board shg2	scope:	-	version:	-	Trust: 0.9
vendor:	intel	model:	server board se7501hg2	scope:	-	version:	-	Trust: 0.9
vendor:	intel	model:	server board se7500wv2	scope:	-	version:	-	Trust: 0.9
vendor:	intel	model:	server board sds2	scope:	-	version:	-	Trust: 0.9
vendor:	intel	model:	server board scb2	scope:	-	version:	-	Trust: 0.9
vendor:	intel	model:	entry server platform sr1325tp1-e	scope:	-	version:	-	Trust: 0.9
vendor:	intel	model:	system setup utility	scope:	-	version:	-	Trust: 0.3
vendor:	intel	model:	server control	scope:	-	version:	-	Trust: 0.3
vendor:	intel	model:	server configuration wizard	scope:	-	version:	-	Trust: 0.3
vendor:	intel	model:	entry server board se7210tp1-e	scope:	-	version:	-	Trust: 0.3
vendor:	intel	model:	client system setup utility	scope:	-	version:	-	Trust: 0.3
vendor:	intel	model:	cli auto-configuration utility	scope:	-	version:	-	Trust: 0.3
vendor:	intel	model:	carrier grade server tsrmt2	scope:	-	version:	-	Trust: 0.3
vendor:	intel	model:	carrier grade server tsrlt2	scope:	-	version:	-	Trust: 0.3
vendor:	intel	model:	carrier grade server tigpr2u	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	carrier grade server cc3310 a9863a	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	carrier grade server cc3310 a9862a	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	carrier grade server cc3300 a6901a	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	carrier grade server cc3300 a6900a	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	carrier grade server cc2300 a6899a	scope:	-	version:	-	Trust: 0.3
vendor:	hp	model:	carrier grade server cc2300 a6898a	scope:	-	version:	-	Trust: 0.3

sources: BID: 10068 // CNNVD: CNNVD-200412-549 // NVD: CVE-2004-2600

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-2600
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200412-549
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-11028
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2004-2600
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-11028
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-11028 // CNNVD: CNNVD-200412-549 // NVD: CVE-2004-2600

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-2600

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-549

TYPE

Design Error

Trust: 0.9

sources: BID: 10068 // CNNVD: CNNVD-200412-549

EXTERNAL IDS

db:	BID	id:	10068	Trust: 2.0
db:	OSVDB	id:	4978	Trust: 1.7
db:	NVD	id:	CVE-2004-2600	Trust: 1.7
db:	SECUNIA	id:	11315	Trust: 1.7
db:	CNNVD	id:	CNNVD-200412-549	Trust: 0.7
db:	XF	id:	15775	Trust: 0.6
db:	VULHUB	id:	VHN-11028	Trust: 0.1

sources: VULHUB: VHN-11028 // BID: 10068 // CNNVD: CNNVD-200412-549 // NVD: CVE-2004-2600

REFERENCES

url:	http://support.intel.com/support/motherboards/server/sb/cs-010422.htm	Trust: 2.0
url:	http://www.securityfocus.com/bid/10068	Trust: 1.7
url:	ftp://download.intel.com/support/motherboards/server/sb/aa6791invalidlanconfiguration040504.pdf	Trust: 1.7
url:	http://www.osvdb.org/4978	Trust: 1.7
url:	http://secunia.com/advisories/11315	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/15775	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/15775	Trust: 0.6

sources: VULHUB: VHN-11028 // BID: 10068 // CNNVD: CNNVD-200412-549 // NVD: CVE-2004-2600

CREDITS

This issue was disclosed in the referenced Intel action alert.

Trust: 0.9

sources: BID: 10068 // CNNVD: CNNVD-200412-549

SOURCES

db:	VULHUB	id:	VHN-11028
db:	BID	id:	10068
db:	CNNVD	id:	CNNVD-200412-549
db:	NVD	id:	CVE-2004-2600

LAST UPDATE DATE

2024-08-14T14:08:56.676000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-11028	date:	2017-07-11T00:00:00
db:	BID	id:	10068	date:	2004-04-07T00:00:00
db:	CNNVD	id:	CNNVD-200412-549	date:	2006-01-23T00:00:00
db:	NVD	id:	CVE-2004-2600	date:	2017-07-11T01:32:02.640

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-11028	date:	2004-12-31T00:00:00
db:	BID	id:	10068	date:	2004-04-07T00:00:00
db:	CNNVD	id:	CNNVD-200412-549	date:	2004-12-31T00:00:00
db:	NVD	id:	CVE-2004-2600	date:	2004-12-31T05:00:00