CVE-2021-39296

In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass authentication and gain full control of the system.
Configurations

Configuration 1 (hide)

cpe:2.3:a:openbmc-project:openbmc:2.9.0:-:*:*:*:*:*:*

History

21 Nov 2024, 06:19

Type Values Removed Values Added
References () https://github.com/google/security-research/security/advisories/GHSA-gg9x-v835-m48q - Exploit, Third Party Advisory () https://github.com/google/security-research/security/advisories/GHSA-gg9x-v835-m48q - Exploit, Third Party Advisory
References () https://github.com/openbmc/openbmc - Third Party Advisory () https://github.com/openbmc/openbmc - Third Party Advisory
References () https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html - () https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html -

22 Sep 2021, 16:13

Type Values Removed Values Added
CPE cpe:2.3:a:openbmc-project:openbmc:2.9.0:-:*:*:*:*:*:*
CWE CWE-287
CVSS v2 : unknown
v3 : unknown
v2 : 10.0
v3 : 10.0
References (MISC) https://github.com/google/security-research/security/advisories/GHSA-gg9x-v835-m48q - (MISC) https://github.com/google/security-research/security/advisories/GHSA-gg9x-v835-m48q - Exploit, Third Party Advisory
References (MISC) https://github.com/openbmc/openbmc - (MISC) https://github.com/openbmc/openbmc - Third Party Advisory

09 Sep 2021, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-09-09 18:15

Updated : 2024-11-21 06:19


NVD link : CVE-2021-39296

Mitre link : CVE-2021-39296

CVE.ORG link : CVE-2021-39296


JSON object : View

Products Affected

openbmc-project

  • openbmc
CWE
CWE-287

Improper Authentication