← Back

CVE-2019-6260

nvd nist
Published: Jan 22, 2019Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

The ASPEED ast2400 and ast2500 Baseband Management Controller (BMC) hardware and firmware implement Advanced High-performance Bus (AHB) bridges, which allow arbitrary read and write access to the BMC's physical address space from the host (or from the network in unusual cases where the BMC console uart is attached to a serial concentrator). This CVE applies to the specific cases of iLPC2AHB bridge Pt I, iLPC2AHB bridge Pt II, PCIe VGA P2A bridge, DMA from/to arbitrary BMC memory via X-DMA, UART-based SoC Debug interface, LPC2AHB bridge, PCIe BMC P2A bridge, and Watchdog setup.

Affected (3)

Aspeedtech
2 products
Ast2400 Firmware
Ast2500 Firmware
Netapp
1 product
Fas/aff Baseboard Management Controller
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ast2400 Firmware
All versions
Running on/withPlatform Versions
Aspeedtech
Ast2400
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ast2500 Firmware
All versions
Running on/withPlatform Versions
Aspeedtech
Ast2500
All versions
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Fas/aff Baseboard Management Controller
All versions

References (6)

Source: cve@mitre.org
PatchThird Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.