CVE-2007-0661

{"id": "CVE-2007-0661", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.4, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 5.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-02-01T22:28:00.000", "references": [{"url": "http://lz1.intel.com/psirt/advisory.aspx?intelid=INTEL-SA-00012&languageid=en-fr", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/33044", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/23989", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/22341", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/0432", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Intel Enterprise Southbridge 2 Baseboard Management Controller (BMC), Intel Server Boards 5000XAL, S5000PAL, S5000PSL, S5000XVN, S5000VCL, S5000VSA, SC5400RA, and OEM Firmware for Intel Enterprise Southbridge Baseboard Management Controller before 20070119, when Intelligent Platform Management Interface (IPMI) is enabled, allow remote attackers to connect and issue arbitrary IPMI commands, possibly triggering a denial of service."}, {"lang": "es", "value": "Intel Enterprise Southbridge 2 Baseboard Management Controller (BMC), Intel Server Boards 5000XAL, S5000PAL, S5000PSL, S5000XVN, S5000VCL, S5000VSA, SC5400RA, y OEM Firmware para Intel Enterprise Southbridge Baseboard Management Controller versiones anteriores a 20070119, cuando la interfaz Intelligent Platform Management Interface (IPMI) est\u00e1 habilitada, permite a atacantes remotos conectar y enviar comandos IPMI de su elecci\u00f3n, posiblemente provocando una denegaci\u00f3n de servicio."}], "lastModified": "2011-03-08T02:50:29.547", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:intel:enterprise_southbridge_2_bmc:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9A12549-3C2C-4877-AF2B-7770DC34CD41"}, {"criteria": "cpe:2.3:h:intel:enterprise_southbridge_bmc:*:*:oem:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E881479-11FD-4D6A-B7BD-3C401AFCBECD"}, {"criteria": "cpe:2.3:h:intel:server_board_s5000pal:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CCC2CE5-078A-4725-9A80-15D305D921D0"}, {"criteria": "cpe:2.3:h:intel:server_board_s5000psl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "270D2AD7-314B-4352-B248-F0F397415540"}, {"criteria": "cpe:2.3:h:intel:server_board_s5000vcl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B1417AA-F5B1-4B51-AA92-E6CC19E35B8A"}, {"criteria": "cpe:2.3:h:intel:server_board_s5000vsa:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99B57CB7-20F4-4B87-A24A-F6A29F252603"}, {"criteria": "cpe:2.3:h:intel:server_board_s5000xal:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6BEF5806-D8FE-4A9F-9632-02171B813391"}, {"criteria": "cpe:2.3:h:intel:server_board_s5000xvn:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "347B10B4-B4B0-4993-9843-FA1B9C877810"}, {"criteria": "cpe:2.3:h:intel:server_board_sc5400ra:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7DD15B7-918D-4BD5-82FB-EE6752C46EDE"}], "operator": "OR"}]}], "evaluatorComment": "The IPMI configuration does not appear to be the cause, but an extra condition for when it's possible. This is the reason for medium access complexity.", "sourceIdentifier": "cve@mitre.org"}