Strix
26.1K

CVE-2004-2600

UnknownEPSS 2.63%

Last modified

CVE-2004-2600 is a vulnerability of currently unknown severity. The firmware for Intelligent Platform Management Interface (IPMI) 1.5-based Intel Server Boards and Platforms is shipped with an Authentication Type Enables parameter set to an invalid None parameter, which allows remote attackers to obtain sensitive information when LAN management functionality is enabled.. EPSS estimates a 2.63% chance of exploitation in the next 30 days.

Description

The firmware for Intelligent Platform Management Interface (IPMI) 1.5-based Intel Server Boards and Platforms is shipped with an Authentication Type Enables parameter set to an invalid None parameter, which allows remote attackers to obtain sensitive information when LAN management functionality is enabled.

Metrics

EPSS Probability
2.63%

83.6th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
IntelCli Auto-Configuration UtilityAll versions
IntelClient System Setup UtilityAll versions
IntelServer Configuration WizardAll versions
IntelServer ControlAll versions
IntelSystem Setup UtilityAll versions
IntelCarrier Grade Server Tigpr2uAll versions
IntelCarrier Grade Server Tsrlt2All versions
IntelCarrier Grade Server Tsrmt2All versions
HpCarrier Grade Server Cc2300a6898a
HpCarrier Grade Server Cc2300a6899a
HpCarrier Grade Server Cc3300a6900a
HpCarrier Grade Server Cc3300a6901a
HpCarrier Grade Server Cc3310a9862a
HpCarrier Grade Server Cc3310a9863a
IntelEntry Server Board Se7210tp1-EAll versions
IntelEntry Server Platform Sr1325tp1-EAll versions
IntelServer Board Scb2All versions
IntelServer Board Sds2All versions
IntelServer Board Se7500wv2All versions
IntelServer Board Se7501hg2All versions
IntelServer Board Shg2All versions
IntelServer Platform Spsh4All versions
IntelServer Platform Sr870bh2All versions
IntelServer Platform Sr870bn4All versions
IntelServer Platform Srsh4All versions

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2004-2600?
The firmware for Intelligent Platform Management Interface (IPMI) 1.5-based Intel Server Boards and Platforms is shipped with an Authentication Type Enables parameter set to an invalid None parameter, which allows remote attackers to obtain sensitive information when LAN management functionality is enabled.
How severe is CVE-2004-2600?
Severity scoring for CVE-2004-2600 is pending analysis. The EPSS model estimates a 2.63% probability of exploitation in the next 30 days.
How do I fix CVE-2004-2600?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2004-2600?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST