CVE-2019-11168 : Insufficient session validation in Intel(R) Baseboard Management Controller firm

Insufficient session validation in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure and/or denial of service via network access.

Published 2019-11-14 17:15:14

Updated 2021-07-21 11:39:24

Source Intel Corporation

View at NVD, CVE.org

Vulnerability category: Denial of serviceInformation leak

Products affected by CVE-2019-11168

Intel » Baseboard Management Controller Firmware
Versions before (<) 2.18
cpe:2.3:o:intel:baseboard_management_controller_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Bbs2600bpb » Version: N/A
When used together with: Intel » Bbs2600bpbr » Version: N/A
When used together with: Intel » Bbs2600bpq » Version: N/A
When used together with: Intel » Bbs2600bpqr » Version: N/A
When used together with: Intel » Bbs2600bps » Version: N/A
When used together with: Intel » Bbs2600bpsr » Version: N/A
When used together with: Intel » Bbs2600stb » Version: N/A
When used together with: Intel » Bbs2600stbr » Version: N/A
When used together with: Intel » Bbs2600stq » Version: N/A
When used together with: Intel » Bbs2600stqr » Version: N/A
When used together with: Intel » Hns2600bpb » Version: N/A
When used together with: Intel » Hns2600bpb24 » Version: N/A
When used together with: Intel » Hns2600bpb24r » Version: N/A
When used together with: Intel » Hns2600bpb24rx » Version: N/A
When used together with: Intel » Hns2600bpblc » Version: N/A
When used together with: Intel » Hns2600bpblc24 » Version: N/A
When used together with: Intel » Hns2600bpblc24r » Version: N/A
When used together with: Intel » Hns2600bpblcr » Version: N/A
When used together with: Intel » Hns2600bpbr » Version: N/A
When used together with: Intel » Hns2600bpbrx » Version: N/A
When used together with: Intel » Hns2600bpq » Version: N/A
When used together with: Intel » Hns2600bpq24 » Version: N/A
When used together with: Intel » Hns2600bpq24r » Version: N/A
When used together with: Intel » Hns2600bpqr » Version: N/A
When used together with: Intel » Hns2600bps » Version: N/A
When used together with: Intel » Hns2600bps24 » Version: N/A
When used together with: Intel » Hns2600bps24r » Version: N/A
When used together with: Intel » Hns2600bpsr » Version: N/A
When used together with: Intel » Hpchns2600bpbr » Version: N/A
When used together with: Intel » Hpchns2600bpqr » Version: N/A
When used together with: Intel » Hpchns2600bpsr » Version: N/A
When used together with: Intel » Hpcr1208wfqysr » Version: N/A
When used together with: Intel » Hpcr1208wftysr » Version: N/A
When used together with: Intel » Hpcr1304wf0ysr » Version: N/A
When used together with: Intel » Hpcr1304wftysr » Version: N/A
When used together with: Intel » Hpcr2208wf0zsr » Version: N/A
When used together with: Intel » Hpcr2208wfqzsr » Version: N/A
When used together with: Intel » Hpcr2208wftzsr » Version: N/A
When used together with: Intel » Hpcr2208wftzsrx » Version: N/A
When used together with: Intel » Hpcr2224wftzsr » Version: N/A
When used together with: Intel » Hpcr2308wftzsr » Version: N/A
When used together with: Intel » Hpcr2312wf0npr » Version: N/A
When used together with: Intel » Hpcr2312wftzsr » Version: N/A
When used together with: Intel » R1208wfqysr » Version: N/A
When used together with: Intel » R1208wftys » Version: N/A
When used together with: Intel » R1208wftysr » Version: N/A
When used together with: Intel » R1304wf0ys » Version: N/A
When used together with: Intel » R1304wf0ysr » Version: N/A
When used together with: Intel » R1304wftys » Version: N/A
When used together with: Intel » R1304wftysr » Version: N/A
When used together with: Intel » R2208wf0zs » Version: N/A
When used together with: Intel » R2208wf0zsr » Version: N/A
When used together with: Intel » R2208wfqzs » Version: N/A
When used together with: Intel » R2208wfqzsr » Version: N/A
When used together with: Intel » R2208wftzs » Version: N/A
When used together with: Intel » R2208wftzsr » Version: N/A
When used together with: Intel » R2208wftzsrx » Version: N/A
When used together with: Intel » R2224wfqzs » Version: N/A
When used together with: Intel » R2224wftzs » Version: N/A
When used together with: Intel » R2224wftzsr » Version: N/A
When used together with: Intel » R2308wftzs » Version: N/A
When used together with: Intel » R2308wftzsr » Version: N/A
When used together with: Intel » R2312wf0np » Version: N/A
When used together with: Intel » R2312wf0npr » Version: N/A
When used together with: Intel » R2312wfqzs » Version: N/A
When used together with: Intel » R2312wftzs » Version: N/A
When used together with: Intel » R2312wftzsr » Version: N/A
When used together with: Intel » S2600stb » Version: N/A
When used together with: Intel » S2600stbr » Version: N/A
When used together with: Intel » S2600stq » Version: N/A
When used together with: Intel » S2600stqr » Version: N/A
When used together with: Intel » S2600wf0 » Version: N/A
When used together with: Intel » S2600wf0r » Version: N/A
When used together with: Intel » S2600wfq » Version: N/A
When used together with: Intel » S2600wfqr » Version: N/A
When used together with: Intel » S2600wft » Version: N/A
When used together with: Intel » S2600wftr » Version: N/A
When used together with: Intel » S9232wk1hlc » Version: N/A
When used together with: Intel » S9232wk2hac » Version: N/A
When used together with: Intel » S9232wk2hlc » Version: N/A
When used together with: Intel » S9248wk1hlc » Version: N/A
When used together with: Intel » S9248wk2hac » Version: N/A
When used together with: Intel » S9248wk2hlc » Version: N/A
When used together with: Intel » S9256wk1hlc » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2019-11168

EPSS FAQ

1.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 75 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-11168

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.4	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:P	10.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: Partial
9.1	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H	3.9	5.2	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: High

References for CVE-2019-11168

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00313.html

INTEL-SA-00313
Vendor Advisory

CVEs referencing this url
https://support.f5.com/csp/article/K64346530?utm_source=f5support&utm_medium=RSS

Third Party Advisory

Jump to

Vulnerability Details : CVE-2019-11168

Products affected by CVE-2019-11168

Exploit prediction scoring system (EPSS) score for CVE-2019-11168

CVSS scores for CVE-2019-11168

References for CVE-2019-11168