CVE-2019-11171 : Heap corruption in Intel(R) Baseboard Management Controller firmware may allow a

Heap corruption in Intel(R) Baseboard Management Controller firmware may allow an unauthenticated user to potentially enable information disclosure, escalation of privilege and/or denial of service via network access.

Published 2019-11-14 17:15:14

Updated 2020-08-24 17:37:01

Source Intel Corporation

View at NVD, CVE.org

Vulnerability category: Memory CorruptionDenial of serviceInformation leak

Products affected by CVE-2019-11171

Intel » Baseboard Management Controller Firmware
Versions before (<) 2.18
cpe:2.3:o:intel:baseboard_management_controller_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Intel » Bbs2600bpb » Version: N/A
When used together with: Intel » Bbs2600bpbr » Version: N/A
When used together with: Intel » Bbs2600bpq » Version: N/A
When used together with: Intel » Bbs2600bpqr » Version: N/A
When used together with: Intel » Bbs2600bps » Version: N/A
When used together with: Intel » Bbs2600bpsr » Version: N/A
When used together with: Intel » Bbs2600stb » Version: N/A
When used together with: Intel » Bbs2600stbr » Version: N/A
When used together with: Intel » Bbs2600stq » Version: N/A
When used together with: Intel » Bbs2600stqr » Version: N/A
When used together with: Intel » Hns2600bpb » Version: N/A
When used together with: Intel » Hns2600bpb24 » Version: N/A
When used together with: Intel » Hns2600bpb24r » Version: N/A
When used together with: Intel » Hns2600bpb24rx » Version: N/A
When used together with: Intel » Hns2600bpblc » Version: N/A
When used together with: Intel » Hns2600bpblc24 » Version: N/A
When used together with: Intel » Hns2600bpblc24r » Version: N/A
When used together with: Intel » Hns2600bpblcr » Version: N/A
When used together with: Intel » Hns2600bpbr » Version: N/A
When used together with: Intel » Hns2600bpbrx » Version: N/A
When used together with: Intel » Hns2600bpq » Version: N/A
When used together with: Intel » Hns2600bpq24 » Version: N/A
When used together with: Intel » Hns2600bpq24r » Version: N/A
When used together with: Intel » Hns2600bpqr » Version: N/A
When used together with: Intel » Hns2600bps » Version: N/A
When used together with: Intel » Hns2600bps24 » Version: N/A
When used together with: Intel » Hns2600bps24r » Version: N/A
When used together with: Intel » Hns2600bpsr » Version: N/A
When used together with: Intel » Hpchns2600bpbr » Version: N/A
When used together with: Intel » Hpchns2600bpqr » Version: N/A
When used together with: Intel » Hpchns2600bpsr » Version: N/A
When used together with: Intel » Hpcr1208wfqysr » Version: N/A
When used together with: Intel » Hpcr1208wftysr » Version: N/A
When used together with: Intel » Hpcr1304wf0ysr » Version: N/A
When used together with: Intel » Hpcr1304wftysr » Version: N/A
When used together with: Intel » Hpcr2208wf0zsr » Version: N/A
When used together with: Intel » Hpcr2208wfqzsr » Version: N/A
When used together with: Intel » Hpcr2208wftzsr » Version: N/A
When used together with: Intel » Hpcr2208wftzsrx » Version: N/A
When used together with: Intel » Hpcr2224wftzsr » Version: N/A
When used together with: Intel » Hpcr2308wftzsr » Version: N/A
When used together with: Intel » Hpcr2312wf0npr » Version: N/A
When used together with: Intel » Hpcr2312wftzsr » Version: N/A
When used together with: Intel » R1208wfqysr » Version: N/A
When used together with: Intel » R1208wftys » Version: N/A
When used together with: Intel » R1208wftysr » Version: N/A
When used together with: Intel » R1304wf0ys » Version: N/A
When used together with: Intel » R1304wf0ysr » Version: N/A
When used together with: Intel » R1304wftys » Version: N/A
When used together with: Intel » R1304wftysr » Version: N/A
When used together with: Intel » R2208wf0zs » Version: N/A
When used together with: Intel » R2208wf0zsr » Version: N/A
When used together with: Intel » R2208wfqzs » Version: N/A
When used together with: Intel » R2208wfqzsr » Version: N/A
When used together with: Intel » R2208wftzs » Version: N/A
When used together with: Intel » R2208wftzsr » Version: N/A
When used together with: Intel » R2208wftzsrx » Version: N/A
When used together with: Intel » R2224wfqzs » Version: N/A
When used together with: Intel » R2224wftzs » Version: N/A
When used together with: Intel » R2224wftzsr » Version: N/A
When used together with: Intel » R2308wftzs » Version: N/A
When used together with: Intel » R2308wftzsr » Version: N/A
When used together with: Intel » R2312wf0np » Version: N/A
When used together with: Intel » R2312wf0npr » Version: N/A
When used together with: Intel » R2312wfqzs » Version: N/A
When used together with: Intel » R2312wftzs » Version: N/A
When used together with: Intel » R2312wftzsr » Version: N/A
When used together with: Intel » S2600stb » Version: N/A
When used together with: Intel » S2600stbr » Version: N/A
When used together with: Intel » S2600stq » Version: N/A
When used together with: Intel » S2600stqr » Version: N/A
When used together with: Intel » S2600wf0 » Version: N/A
When used together with: Intel » S2600wf0r » Version: N/A
When used together with: Intel » S2600wfq » Version: N/A
When used together with: Intel » S2600wfqr » Version: N/A
When used together with: Intel » S2600wft » Version: N/A
When used together with: Intel » S2600wftr » Version: N/A
When used together with: Intel » S9232wk1hlc » Version: N/A
When used together with: Intel » S9232wk2hac » Version: N/A
When used together with: Intel » S9232wk2hlc » Version: N/A
When used together with: Intel » S9248wk1hlc » Version: N/A
When used together with: Intel » S9248wk2hac » Version: N/A
When used together with: Intel » S9248wk2hlc » Version: N/A
When used together with: Intel » S9256wk1hlc » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2019-11171

EPSS FAQ

0.55%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 65 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-11171

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2019-11171

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2019-11171

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00313.html

INTEL-SA-00313
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2019-11171

Products affected by CVE-2019-11171

Exploit prediction scoring system (EPSS) score for CVE-2019-11171

CVSS scores for CVE-2019-11171

CWE ids for CVE-2019-11171

References for CVE-2019-11171