CVE-2020-26122
CVSS 3.1 base score: 7.2
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 / Impact: 5.9
Source: NVD
Description
Inspur NF5266M5 through 3.21.2 and other server M5 devices allow remote code execution via administrator privileges. The Baseboard Management Controller (BMC) program of Inspur servers performs only weak checks on the firmware and lacks a signature verification mechanism. An attacker who obtains administrator rights can control the BMC by inserting malicious code into the firmware program and bypassing the current verification mechanism to upgrade the BMC.
Affected (15)
Products: Inspur: Nf8480m5 Firmware, Nf8260m5 Firmware, Ns5162m5 Firmware, Ns5488m5 Firmware, Ns5484m5 Firmware, Ns5482m5 Firmware, Nf5280m5 Firmware, Nf5468m5 Firmware, Nf5488m5 D Firmware, Nf5180m5 Firmware, Nf5270m5 Firmware, Nf5260m5 Firmware, Nf5266m5 Firmware, Nf5466m5 Firmware, Nf5486m5 Firmware
| Configuration | Vulnerable Software | Affected Versions | Running on/with | Platform Versions |
|---|---|---|---|---|
| A | Inspur Nf8480m5 Firmware | Before 1.19.34 | Inspur Nf8480m5 | All versions |
| B | Inspur Nf8260m5 Firmware | Before 1.19.34 | Inspur Nf8260m5 | All versions |
| C | Inspur Ns5162m5 Firmware | Before 4.5.3 | Inspur Ns5162m5 | All versions |
| D | Inspur Ns5488m5 Firmware | Before 1.19.33 | Inspur Ns5488m5 | All versions |
| E | Inspur Ns5484m5 Firmware | Before 1.19.33 | Inspur Ns5484m5 | All versions |
| F | Inspur Ns5482m5 Firmware | Before 1.19.33 | Inspur Ns5482m5 | All versions |
| G | Inspur Nf5280m5 Firmware | Before 4.26.6 | Inspur Nf5280m5 | All versions |
| H | Inspur Nf5468m5 Firmware | Before 1.18.51 | Inspur Nf5468m5 | All versions |
| I | Inspur Nf5488m5 D Firmware | Before 1.18.51 | Inspur Nf5488m5 D | All versions |
| J | Inspur Nf5180m5 Firmware | Before 4.18.2 | Inspur Nf5180m5 | All versions |
| K | Inspur Nf5270m5 Firmware | Before 4.9.1 | Inspur Nf5270m5 | All versions |
| L | Inspur Nf5260m5 Firmware | Before 3.8.0 | Inspur Nf5260m5 | All versions |
| M | Inspur Nf5266m5 Firmware | Before 3.21.3 | Inspur Nf5266m5 | All versions |
| N | Inspur Nf5466m5 Firmware | Before 4.28.0 | Inspur Nf5466m5 | All versions |
| O | Inspur Nf5486m5 Firmware | Before 3.22.0 | Inspur Nf5486m5 | All versions |