Fedora: Security Advisory for ipmitool (FEDORA-2020-92cc67ff5a)

Published: 2020-02-16 04:03:16
CVE Author: NIST National Vulnerability Database (NVD)

CVSS Base Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P

Summary:
The remote host is missing an update for the 'ipmitool' Linux Distribution Package(s) announced via the FEDORA-2020-92cc67ff5a advisory.

Detection Method:
Checks if a vulnerable Linux Distribution Package version is present on the target host.

Technical Details:
This Linux Distribution Package contains a utility for interfacing with devices that support the Intelligent Platform Management Interface specification. IPMI is an open standard for machine health, inventory, and remote power control. This utility can communicate with IPMI-enabled devices through either a kernel driver such as OpenIPMI or over the RMCP LAN protocol defined in the IPMI specification. IPMIv2 adds support for encrypted LAN communications and remote Serial-over-LAN functionality. It provides commands for reading the Sensor Data Repository (SDR) and displaying sensor values, displaying the contents of the System Event Log (SEL), printing Field Replaceable Unit (FRU) information, reading and setting LAN configuration, and chassis power control.

Affected Versions:
'ipmitool' Linux Distribution Package(s) on Fedora 30.

Recommendations:
Please install the updated Linux Distribution Package(s).

Solution Type:
Vendor Patch

Detection Type:
Linux Distribution Package

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2020-5208

References:

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RYYEKUAUTCWICM77HOEGZDVVEUJLP4BP

Search
Severity
Medium
CVSS Score
6.5

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be.