SB2021061601 - Multiple vulnerabilities in Intel Server Board M10JNP2SB
Published: June 16, 2021
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2021-0101)
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to a boundary error in the Baseboard Management Controller (BMC) firmware. A remote attacker on the local network can trigger memory corruption and gain elevated privileges on the target system.
2) Input validation error (CVE-ID: CVE-2021-0070)
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input in the Baseboard Management Controller (BMC) firmware. A remote attacker on the local network can pass specially crafted input to the application and gain elevated privileges on the target system.
3) Buffer overflow (CVE-ID: CVE-2021-0113)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the Baseboard Management Controller (BMC) firmware. A remote attacker on the local network can trigger memory corruption and cause a denial of service condition on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
4) Path traversal (CVE-ID: CVE-2021-0097)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker on the local network can send a specially crafted HTTP request and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.