An error occurred:

Check: 2010-B-0098

windows 7 iavm: 2010-B-0098 (in version v1 r32)

Title

Intel Xeon Baseboard Management Component (BMC) Privilege Escalation Vulnerability (Cat II impact)

Discussion

Intel has released a security advisory addressing a privilege escalation vulnerability in Intel Xeon Baseboard Management Component (BMC) firmware. To exploit this vulnerability, a remote attacker would utilize various tactics, techniques and procedures (TTP). If successfully exploited, this vulnerability would allow a remote attacker the ability to deny service to legitimate users, escalate privileges and compromise the affected system. At this time, there are no known exploits associated with this vulnerability; USCYBERCOM is not aware of any DoD related incidents. Baseboard Management Component Privilege Escalation Vulnerability: Under certain circumstances a privilege escalation issue is present in the Baseboard Management Component (BMC) firmware for Intel Xeon 5500, 5600 Series products. A knowledgeable remote malicious attacker could leverage this issue to deny service to legitimate users. This issue was found during internal validation testing and Intel has not received any reports of it being exploited externally.

Check Content

See the IAVM notice and vendor bulletin for additional information. Vulnerable Applications/Systems: Intel Xeon 5500 Series BMC Firmware Intel Xeon 5600 Series BMC Firmware There are multiple ways of telling what your current version of BMC firmware. You can use any one of the following methods: Reboot or power cycle the system. During POST after video comes up press F2 to go into Setup. After you are in setup use the right or left arrow keys to select the Server Management tab. Then use the down arrow to highlight System Information and then press enter. Use the sysconfig utility that comes with the IntelĀ® Deployment Assistant CD that came with your system. Command to run: sysconfig /i BMC Fix included in this version or higher Intel Xeon 5500 Series BMC Firmware 00.53 or higher Intel Xeon 5600 Series BMC Firmware 00.53 or higher

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-25619

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
No CCIs are assigned to this check

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
No controls are assigned to this check