CVE-2020-26122
Summary
| CVE | CVE-2020-26122 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-12-07 16:15:00 UTC |
| Updated | 2020-12-08 17:21:00 UTC |
| Description | Inspur NF5266M5 through 3.21.2 and other server M5 devices allow remote code execution via administrator privileges. The Baseboard Management Controller (BMC) program of INSPUR server is weak in checking the firmware and lacks the signature verification mechanism, the attacker who obtains the administrator's rights can control the BMC by inserting malicious code into the firmware program and bypassing the current verification mechanism to upgrade the BMC. |
Risk And Classification
Problem Types: CWE-347
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Inspur | Nf5180m5 | - | All | All | All |
| Hardware | Inspur | Nf5180m5 | - | All | All | All |
| Operating System | Inspur | Nf5180m5 Firmware | All | All | All | All |
| Operating System | Inspur | Nf5180m5 Firmware | All | All | All | All |
| Hardware | Inspur | Nf5260m5 | - | All | All | All |
| Hardware | Inspur | Nf5260m5 | - | All | All | All |
| Operating System | Inspur | Nf5260m5 Firmware | All | All | All | All |
| Operating System | Inspur | Nf5260m5 Firmware | All | All | All | All |
| Hardware | Inspur | Nf5266m5 | - | All | All | All |
| Hardware | Inspur | Nf5266m5 | - | All | All | All |
| Operating System | Inspur | Nf5266m5 Firmware | All | All | All | All |
| Operating System | Inspur | Nf5266m5 Firmware | All | All | All | All |
| Hardware | Inspur | Nf5270m5 | - | All | All | All |
| Hardware | Inspur | Nf5270m5 | - | All | All | All |
| Operating System | Inspur | Nf5270m5 Firmware | All | All | All | All |
| Operating System | Inspur | Nf5270m5 Firmware | All | All | All | All |
| Hardware | Inspur | Nf5280m5 | - | All | All | All |
| Hardware | Inspur | Nf5280m5 | - | All | All | All |
| Operating System | Inspur | Nf5280m5 Firmware | All | All | All | All |
| Operating System | Inspur | Nf5280m5 Firmware | All | All | All | All |
| Hardware | Inspur | Nf5466m5 | - | All | All | All |
| Hardware | Inspur | Nf5466m5 | - | All | All | All |
| Operating System | Inspur | Nf5466m5 Firmware | All | All | All | All |
| Operating System | Inspur | Nf5466m5 Firmware | All | All | All | All |
| Hardware | Inspur | Nf5468m5 | - | All | All | All |
| Hardware | Inspur | Nf5468m5 | - | All | All | All |
| Operating System | Inspur | Nf5468m5 Firmware | All | All | All | All |
| Operating System | Inspur | Nf5468m5 Firmware | All | All | All | All |
| Hardware | Inspur | Nf5486m5 | - | All | All | All |
| Hardware | Inspur | Nf5486m5 | - | All | All | All |
| Operating System | Inspur | Nf5486m5 Firmware | All | All | All | All |
| Operating System | Inspur | Nf5486m5 Firmware | All | All | All | All |
| Hardware | Inspur | Nf5488m5-d | - | All | All | All |
| Hardware | Inspur | Nf5488m5-d | - | All | All | All |
| Operating System | Inspur | Nf5488m5-d Firmware | All | All | All | All |
| Operating System | Inspur | Nf5488m5-d Firmware | All | All | All | All |
| Hardware | Inspur | Nf8260m5 | - | All | All | All |
| Hardware | Inspur | Nf8260m5 | - | All | All | All |
| Operating System | Inspur | Nf8260m5 Firmware | All | All | All | All |
| Operating System | Inspur | Nf8260m5 Firmware | All | All | All | All |
| Hardware | Inspur | Nf8480m5 | - | All | All | All |
| Hardware | Inspur | Nf8480m5 | - | All | All | All |
| Operating System | Inspur | Nf8480m5 Firmware | All | All | All | All |
| Operating System | Inspur | Nf8480m5 Firmware | All | All | All | All |
| Hardware | Inspur | Ns5162m5 | - | All | All | All |
| Hardware | Inspur | Ns5162m5 | - | All | All | All |
| Operating System | Inspur | Ns5162m5 Firmware | All | All | All | All |
| Operating System | Inspur | Ns5162m5 Firmware | All | All | All | All |
| Hardware | Inspur | Ns5482m5 | - | All | All | All |
| Hardware | Inspur | Ns5482m5 | - | All | All | All |
| Operating System | Inspur | Ns5482m5 Firmware | All | All | All | All |
| Operating System | Inspur | Ns5482m5 Firmware | All | All | All | All |
| Hardware | Inspur | Ns5484m5 | - | All | All | All |
| Hardware | Inspur | Ns5484m5 | - | All | All | All |
| Operating System | Inspur | Ns5484m5 Firmware | All | All | All | All |
| Operating System | Inspur | Ns5484m5 Firmware | All | All | All | All |
| Hardware | Inspur | Ns5488m5 | - | All | All | All |
| Hardware | Inspur | Ns5488m5 | - | All | All | All |
| Operating System | Inspur | Ns5488m5 Firmware | All | All | All | All |
| Operating System | Inspur | Ns5488m5 Firmware | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Bulletins | MISC | en.inspur.com | Broken Link |
| Security Advisory – Unsignature Verification Vulnerability In Some Inspur BMC | CONFIRM | en.inspur.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.