Improper Access Control in BMC Firmware for Intel Server Boards
CVE-2023-29164

5.8MEDIUM

Key Information:

Vendor: Intel
Status: Intel(r) Server Board S2600wf, Intel(r) Server Board S2600st, Intel(r) Server Board S2600bp, Intel(r) Server Board M50cyp And Intel(r) Server Board D50tnp
Vendor: CVE Published:; 12 February 2025

Summary

An improper access control vulnerability exists in the BMC Firmware for several Intel Server Boards, enabling an authenticated attacker to escalate privileges via local access. This can potentially lead to unauthorized modifications and raise security concerns, especially for organizations relying on these server solutions. Users are advised to upgrade to the latest firmware versions to mitigate the risk associated with this vulnerability. For further guidance, refer to Intel's security advisory.

Affected Version(s)

Intel(R) Server Board S2600WF, Intel(R) Server Board S2600ST, Intel(R) Server Board S2600BP, Intel(R) Server Board M50CYP and Intel(R) Server Board D50TNP See references

References

https://intel.com/content/www/us/en/security-center/advis...

CVSS V4

Score:

5.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Feb 12, 2025
Vulnerability Reserved
Jun 9, 2023