ID

VAR-201901-0300


CVE

CVE-2019-6260


TITLE

Access control vulnerability in multiple ASPEED ast products and Baseband Management Controller

Trust: 0.8

sources: JVNDB: JVNDB-2019-001889

DESCRIPTION

The ASPEED ast2400 and ast2500 Baseband Management Controller (BMC) hardware and firmware implement Advanced High-performance Bus (AHB) bridges, which allow arbitrary read and write access to the BMC's physical address space from the host (or from the network in unusual cases where the BMC console UART is attached to a serial concentrator). This CVE applies to the specific cases of iLPC2AHB bridge Pt I, iLPC2AHB bridge Pt II, PCIe VGA P2A bridge, DMA from/to arbitrary BMC memory via X-DMA, UART-based SoC Debug interface, LPC2AHB bridge, PCIe BMC P2A bridge, and Watchdog setup. The ASPEED ast2400 and ast2500 Baseband Management Controller (BMC) contain an access control vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Multiple ASPEED products are prone to a remote security vulnerability. Successfully exploiting this issue may allow an attacker to obtain sensitive information, bypass certain security restrictions and perform unauthorized actions. The ASPEED ast2400 and ast2500 are both baseband management controllers from ASPEED Technology, a company in Taiwan. There are security vulnerabilities in the implementation of Advanced High-performance Bus bridging in the ASPEED ast2400 and ast2500 BMC hardware and firmware. Attackers can exploit this vulnerability to perform arbitrary read and write operations on the physical address space of the BMC.

Trust: 2.07

sources: NVD: CVE-2019-6260 // JVNDB: JVNDB-2019-001889 // BID: 108399 // VULHUB: VHN-157695 // VULMON: CVE-2019-6260

AFFECTED PRODUCTS

vendor: aspeedtech // model: ast2500 // scope: eq // version: *

Trust: 1.0

vendor: netapp // model: fas/aff baseboard management controller // scope: eq // version: *

Trust: 1.0

vendor: aspeedtech // model: ast2400 // scope: eq // version: *

Trust: 1.0

vendor: aspeed // model: ast2400 // scope: - // version: -

Trust: 0.8

vendor: aspeed // model: ast2500 // scope: - // version: -

Trust: 0.8

vendor: netapp // model: baseboard management controller // scope: - // version: -

Trust: 0.8

vendor: openbmc // model: openbmc // scope: eq // version: 2.5

Trust: 0.3

vendor: openbmc // model: openbmc // scope: eq // version: 2.4

Trust: 0.3

vendor: openbmc // model: openbmc // scope: eq // version: 2.3

Trust: 0.3

vendor: openbmc // model: openbmc // scope: eq // version: 2.2

Trust: 0.3

vendor: openbmc // model: openbmc // scope: eq // version: 2.1

Trust: 0.3

vendor: openbmc // model: openbmc // scope: eq // version: 2.0

Trust: 0.3

vendor: netapp // model: fas/aff baseboard management controller // scope: eq // version: 0

Trust: 0.3

vendor: aspeed // model: technology inc ast2500 // scope: eq // version: 0

Trust: 0.3

vendor: aspeed // model: technology inc ast2400 // scope: eq // version: 0

Trust: 0.3

sources: BID: 108399 // JVNDB: JVNDB-2019-001889 // NVD: CVE-2019-6260

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6260
value: CRITICAL

Trust: 1.0

NVD: CVE-2019-6260
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201901-788
value: CRITICAL

Trust: 0.6

VULHUB: VHN-157695
value: HIGH

Trust: 0.1

VULMON: CVE-2019-6260
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2019-6260
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-157695
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-6260
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-157695 // VULMON: CVE-2019-6260 // JVNDB: JVNDB-2019-001889 // CNNVD: CNNVD-201901-788 // NVD: CVE-2019-6260

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-157695 // JVNDB: JVNDB-2019-001889 // NVD: CVE-2019-6260

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-788

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201901-788

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001889

PATCH

title: Top Page // url: https://www.aspeedtech.com/

Trust: 0.8

title: NTAP-20190314-0001 // url: https://security.netapp.com/advisory/ntap-20190314-0001/

Trust: 0.8

title: Brocade Security Advisories: BSA-2019-785 // url: https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories&qid=071a10d0ee7b24438f8eb6eba3d1dfef

Trust: 0.1

title: PoC // url: https://github.com/Jonathan-Elias/PoC

Trust: 0.1

title: CVE-POC // url: https://github.com/0xT11/CVE-POC

Trust: 0.1

title: PoC-in-GitHub // url: https://github.com/developer3000S/PoC-in-GitHub

Trust: 0.1

title: PoC-in-GitHub // url: https://github.com/nomi-sec/PoC-in-GitHub

Trust: 0.1

title: PoC-in-GitHub // url: https://github.com/hectorgie/PoC-in-GitHub

Trust: 0.1

sources: VULMON: CVE-2019-6260 // JVNDB: JVNDB-2019-001889

EXTERNAL IDS

db: NVD // id: CVE-2019-6260

Trust: 2.9

db: JVNDB // id: JVNDB-2019-001889

Trust: 0.8

db: CNNVD // id: CNNVD-201901-788

Trust: 0.7

db: AUSCERT // id: ESB-2019.0834

Trust: 0.6

db: LENOVO // id: LEN-26252

Trust: 0.6

db: BID // id: 108399

Trust: 0.3

db: VULHUB // id: VHN-157695

Trust: 0.1

db: VULMON // id: CVE-2019-6260

Trust: 0.1

sources: VULHUB: VHN-157695 // VULMON: CVE-2019-6260 // BID: 108399 // JVNDB: JVNDB-2019-001889 // CNNVD: CNNVD-201901-788 // NVD: CVE-2019-6260

REFERENCES

url:https://www.flamingspork.com/blog/2019/01/23/cve-2019-6260:-gaining-control-of-bmc-from-the-host-processor/

Trust: 2.9

url:https://security.netapp.com/advisory/ntap-20190314-0001/

Trust: 2.1

url:https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-785

Trust: 1.9

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6260

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2019-6260

Trust: 0.8

url:http://www.ibm.com/support/docview.wss

Trust: 0.6

url:https://support.lenovo.com/us/en/solutions/len-26252

Trust: 0.6

url:https://www.auscert.org.au/bulletins/77154

Trust: 0.6

url:https://support.lenovo.com/us/zh/solutions/len-26252

Trust: 0.6

url:https://github.com/openbmc/openbmc/issues/3475

Trust: 0.3

url:https://www.aspeedtech.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/nomi-sec/poc-in-github

Trust: 0.1

sources: VULHUB: VHN-157695 // VULMON: CVE-2019-6260 // BID: 108399 // JVNDB: JVNDB-2019-001889 // CNNVD: CNNVD-201901-788 // NVD: CVE-2019-6260

CREDITS

Andrew Jeffery, Benjamin Herrenschmidt, Jeremy Kerr, Russell Currey, Stewart Smith

Trust: 0.3

sources: BID: 108399

SOURCES

db: VULHUB // id: VHN-157695
db: VULMON // id: CVE-2019-6260
db: BID // id: 108399
db: JVNDB // id: JVNDB-2019-001889
db: CNNVD // id: CNNVD-201901-788
db: NVD // id: CVE-2019-6260

LAST UPDATE DATE

2024-11-23T22:26:05.006000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-157695 // date: 2020-08-24T00:00:00
db: VULMON // id: CVE-2019-6260 // date: 2020-08-24T00:00:00
db: BID // id: 108399 // date: 2019-01-22T00:00:00
db: JVNDB // id: JVNDB-2019-001889 // date: 2019-03-28T00:00:00
db: CNNVD // id: CNNVD-201901-788 // date: 2020-08-25T00:00:00
db: NVD // id: CVE-2019-6260 // date: 2024-11-21T04:46:19.627

SOURCES RELEASE DATE

db: VULHUB // id: VHN-157695 // date: 2019-01-22T00:00:00
db: VULMON // id: CVE-2019-6260 // date: 2019-01-22T00:00:00
db: BID // id: 108399 // date: 2019-01-22T00:00:00
db: JVNDB // id: JVNDB-2019-001889 // date: 2019-03-28T00:00:00
db: CNNVD // id: CNNVD-201901-788 // date: 2019-01-23T00:00:00
db: NVD // id: CVE-2019-6260 // date: 2019-01-22T20:29:01.473