CyberSec.Space Logo
Back to CVE Browser

CVE-2021-39296

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0160%
EPSS Percentile39.11th
PublishedSep 9, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass authentication and gain full control of the system.

Affected Platforms (CPE)

πŸ“¦
Openbmc Project

Openbmc

= 2.9.0

References & Advisories

πŸ”— https://github.com/google/security-research/security/advisories/GHSA-gg9x-v835-m48q
πŸ”— https://github.com/openbmc/openbmc
πŸ”— https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html
πŸ”— https://github.com/google/security-research/security/advisories/GHSA-gg9x-v835-m48q
πŸ”— https://github.com/openbmc/openbmc
πŸ”— https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html

Related Vulnerabilities

CVE-2019-41699.1

IBM Open Power Firmware OP910 and OP920 could allow access to BMC via IPMI using default OpenBMC password even after BMC password ...

CVE-2020-141568.8

user_channel/passwd_mgr.cpp in OpenBMC phosphor-host-ipmid before 2020-04-03 does not ensure that /etc/ipmi-pass has strong file p...

CVE-2021-477018.8

OpenBMCS 2.4 allows an attacker to escalate privileges from a read user to an admin user by manipulating permissions and exploitin...

CVE-2021-389607.5

IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated user to obtain sensitive information. IBM X-Force ID: 212047.