CVE-2004-2600 : The firmware for Intelligent Platform Management Interface (IPMI) 1.5-based Intel Server Boards and Platforms is shipped

The firmware for Intelligent Platform Management Interface (IPMI) 1.5-based Intel Server Boards and Platforms is shipped with an Authentication Type Enables parameter set to an invalid None parameter, which allows remote attackers to obtain sensitive information when LAN management functionality is enabled.

Published 2004-12-31 05:00:00

Updated 2017-07-11 01:32:03

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2004-2600

Probability of exploitation activity in the next 30 days: 1.05%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 84 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2004-2600

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

References for CVE-2004-2600

Products affected by CVE-2004-2600

HP » Carrier Grade Server Cc2300 » Version: A6898a
cpe:2.3:h:hp:carrier_grade_server_cc2300:a6898a:*:*:*:*:*:*:*
Matching versions
HP » Carrier Grade Server Cc2300 » Version: A6899a
cpe:2.3:h:hp:carrier_grade_server_cc2300:a6899a:*:*:*:*:*:*:*
Matching versions
HP » Carrier Grade Server Cc3300 » Version: A6900a
cpe:2.3:h:hp:carrier_grade_server_cc3300:a6900a:*:*:*:*:*:*:*
Matching versions
HP » Carrier Grade Server Cc3300 » Version: A6901a
cpe:2.3:h:hp:carrier_grade_server_cc3300:a6901a:*:*:*:*:*:*:*
Matching versions
HP » Carrier Grade Server Cc3310 » Version: A9863a
cpe:2.3:h:hp:carrier_grade_server_cc3310:a9863a:*:*:*:*:*:*:*
Matching versions
HP » Carrier Grade Server Cc3310 » Version: A9862a
cpe:2.3:h:hp:carrier_grade_server_cc3310:a9862a:*:*:*:*:*:*:*
Matching versions
Intel » Cli Auto-configuration Utility
cpe:2.3:a:intel:cli_auto-configuration_utility:*:*:*:*:*:*:*:*
Matching versions
Intel » Client System Setup Utility
cpe:2.3:a:intel:client_system_setup_utility:*:*:*:*:*:*:*:*
Matching versions
Intel » Server Configuration Wizard
cpe:2.3:a:intel:server_configuration_wizard:*:*:*:*:*:*:*:*
Matching versions
Intel » Server Control
cpe:2.3:a:intel:server_control:*:*:*:*:*:*:*:*
Matching versions
Intel » System Setup Utility
cpe:2.3:a:intel:system_setup_utility:*:*:*:*:*:*:*:*
Matching versions
Intel » Carrier Grade Server Tigpr2u
cpe:2.3:h:intel:carrier_grade_server_tigpr2u:*:*:*:*:*:*:*:*
Matching versions
Intel » Carrier Grade Server Tsrlt2
cpe:2.3:h:intel:carrier_grade_server_tsrlt2:*:*:*:*:*:*:*:*
Matching versions
Intel » Carrier Grade Server Tsrmt2
cpe:2.3:h:intel:carrier_grade_server_tsrmt2:*:*:*:*:*:*:*:*
Matching versions
Intel » Entry Server Board Se7210tp1-e
cpe:2.3:h:intel:entry_server_board_se7210tp1-e:*:*:*:*:*:*:*:*
Matching versions
Intel » Entry Server Platform Sr1325tp1-e
cpe:2.3:h:intel:entry_server_platform_sr1325tp1-e:*:*:*:*:*:*:*:*
Matching versions
Intel » Server Board Scb2
cpe:2.3:h:intel:server_board_scb2:*:*:*:*:*:*:*:*
Matching versions
Intel » Server Board Sds2
cpe:2.3:h:intel:server_board_sds2:*:*:*:*:*:*:*:*
Matching versions
Intel » Server Board Se7500wv2
cpe:2.3:h:intel:server_board_se7500wv2:*:*:*:*:*:*:*:*
Matching versions
Intel » Server Board Se7501hg2
cpe:2.3:h:intel:server_board_se7501hg2:*:*:*:*:*:*:*:*
Matching versions
Intel » Server Board Shg2
cpe:2.3:h:intel:server_board_shg2:*:*:*:*:*:*:*:*
Matching versions
Intel » Server Platform Spsh4
cpe:2.3:h:intel:server_platform_spsh4:*:*:*:*:*:*:*:*
Matching versions
Intel » Server Platform Sr870bh2
cpe:2.3:h:intel:server_platform_sr870bh2:*:*:*:*:*:*:*:*
Matching versions
Intel » Server Platform Sr870bn4
cpe:2.3:h:intel:server_platform_sr870bn4:*:*:*:*:*:*:*:*
Matching versions
Intel » Server Platform Srsh4
cpe:2.3:h:intel:server_platform_srsh4:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2004-2600

Exploit prediction scoring system (EPSS) score for CVE-2004-2600

CVSS scores for CVE-2004-2600

References for CVE-2004-2600

Products affected by CVE-2004-2600