Denial of Service Vulnerability in Huawei iBMC for RH1288, RH2288, RH5885, and XH Series Servers
CVE-2016-6900

5.5MEDIUM

Key Information:

Vendor: Huawei
Status: Rh1288 V3 Server Firmware; Rh2288 V3 Server Firmware; Rh2288h V3 Server Firmware; Xh620 V3 Server Firmware
Vendor: CVE Published:; 7 September 2016

Summary

The Intelligent Baseboard Management Controller (iBMC) in various Huawei server models is susceptible to a denial of service attack. This vulnerability allows local users to trigger resource consumption issues within the iBMC, potentially leading to operational disruptions. Systems running specific software versions prior to outlined updates are particularly at risk. It is crucial for users of affected server models to apply the necessary patches to mitigate this vulnerability.

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 7, 2016
Vulnerability Reserved
Aug 22, 2016