CyberSec.Space Logo
Back to CVE Browser

CVE-2019-6260

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0530%
EPSS Percentile7.16th
PublishedJan 22, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

The ASPEED ast2400 and ast2500 Baseband Management Controller (BMC) hardware and firmware implement Advanced High-performance Bus (AHB) bridges, which allow arbitrary read and write access to the BMC's physical address space from the host (or from the network in unusual cases where the BMC console uart is attached to a serial concentrator). This CVE applies to the specific cases of iLPC2AHB bridge Pt I, iLPC2AHB bridge Pt II, PCIe VGA P2A bridge, DMA from/to arbitrary BMC memory via X-DMA, UART-based SoC Debug interface, LPC2AHB bridge, PCIe BMC P2A bridge, and Watchdog setup.

Affected Platforms (CPE)

πŸ’»
Aspeedtech

Ast2400 Firmware

All versions
πŸ’»
Aspeedtech

Ast2500 Firmware

All versions
πŸ“¦
Netapp

Fas\/aff Baseboard Management Controller

All versions

References & Advisories

πŸ”— https://security.netapp.com/advisory/ntap-20190314-0001/
πŸ”— https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-785
πŸ”— https://www.flamingspork.com/blog/2019/01/23/cve-2019-6260:-gaining-control-of-bmc-from-the-host-processor/
πŸ”— https://security.netapp.com/advisory/ntap-20190314-0001/
πŸ”— https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-785
πŸ”— https://www.flamingspork.com/blog/2019/01/23/cve-2019-6260:-gaining-control-of-bmc-from-the-host-processor/

Related Vulnerabilities

CVE-2026-53430

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Mes...

CVE-2026-48854

Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust...

CVE-2026-48853

Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc all...

CVE-2026-487237.8

The browserstack-cypress-cli is BrowserStack's CLI which allows users to run Cypress tests on BrowserStack. Versions prior to 1.36...