Sign-up

ID

VAR-200702-0128


CVE

CVE-2007-0661


TITLE

Intel Enterprise Southbridge Baseboard Management Controller In IPMI Command issue vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2007-003310

DESCRIPTION

Intel Enterprise Southbridge 2 Baseboard Management Controller (BMC), Intel Server Boards 5000XAL, S5000PAL, S5000PSL, S5000XVN, S5000VCL, S5000VSA, SC5400RA, and OEM Firmware for Intel Enterprise Southbridge Baseboard Management Controller before 20070119, when Intelligent Platform Management Interface (IPMI) is enabled, allow remote attackers to connect and issue arbitrary IPMI commands, possibly triggering a denial of service. By issuing commands to this interface, attackers can trigger denial-of-service conditions, but they cannot gain access to the operating system or data contained in affected computers. Firmware versions prior to release 57 are vulnerable to this issue. Intel Southbridge 2 is the Southbridge used on many Intel server motherboards. But successful exploitation of this vulnerability can only result in a denial of service

Trust: 1.98

sources: NVD: CVE-2007-0661 // JVNDB: JVNDB-2007-003310 // BID: 22341 // VULHUB: VHN-24023

AFFECTED PRODUCTS

vendor:intelmodel:enterprise southbridge 2 bmcscope: - version: -

Trust: 1.4

vendor:intelmodel:server board s5000palscope: - version: -

Trust: 1.4

vendor:intelmodel:server board s5000pslscope: - version: -

Trust: 1.4

vendor:intelmodel:server board s5000vclscope: - version: -

Trust: 1.4

vendor:intelmodel:server board s5000vsascope: - version: -

Trust: 1.4

vendor:intelmodel:server board s5000xalscope: - version: -

Trust: 1.4

vendor:intelmodel:server board s5000xvnscope: - version: -

Trust: 1.4

vendor:intelmodel:server board sc5400rascope: - version: -

Trust: 1.4

vendor:intelmodel:server board s5000xvnscope:eqversion:*

Trust: 1.0

vendor:intelmodel:server board s5000xalscope:eqversion:*

Trust: 1.0

vendor:intelmodel:enterprise southbridge 2 bmcscope:eqversion:*

Trust: 1.0

vendor:intelmodel:server board s5000pslscope:eqversion:*

Trust: 1.0

vendor:intelmodel:server board s5000vsascope:eqversion:*

Trust: 1.0

vendor:intelmodel:enterprise southbridge bmcscope:eqversion:*

Trust: 1.0

vendor:intelmodel:server board sc5400rascope:eqversion:*

Trust: 1.0

vendor:intelmodel:server board s5000palscope:eqversion:*

Trust: 1.0

vendor:intelmodel:server board s5000vclscope:eqversion:*

Trust: 1.0

vendor:intelmodel:enterprise southbridge bmcscope:ltversion:20070119

Trust: 0.8

vendor:intelmodel:enterprise southbridge bmcscope:eqversion:oem

Trust: 0.6

vendor:intelmodel:enterprise southbridge bmcscope:eqversion:20.56

Trust: 0.3

vendor:intelmodel:enterprise southbridge bmcscope:eqversion:20

Trust: 0.3

vendor:intelmodel:enterprise southbridge bmcscope:neversion:20.57

Trust: 0.3

sources: BID: 22341 // JVNDB: JVNDB-2007-003310 // CNNVD: CNNVD-200702-006 // NVD: CVE-2007-0661

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-0661
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-0661
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200702-006
value: MEDIUM

Trust: 0.6

VULHUB: VHN-24023
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2007-0661
severity: MEDIUM
baseScore: 5.4
vectorString: AV:A/AC:M/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-24023
severity: MEDIUM
baseScore: 5.4
vectorString: AV:A/AC:M/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-24023 // JVNDB: JVNDB-2007-003310 // CNNVD: CNNVD-200702-006 // NVD: CVE-2007-0661

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-0661

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-200702-006

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200702-006

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-003310

PATCH
title:INTEL-SA-00012url:http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00012&languageid=en-fr
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2007-003310

EXTERNAL IDS
db:NVDid:CVE-2007-0661
Trust: 2.8
db:BIDid:22341
Trust: 2.0
db:OSVDBid:33044
Trust: 1.7
db:VUPENid:ADV-2007-0432
Trust: 1.7
db:SECUNIAid:23989
Trust: 1.7
db:JVNDBid:JVNDB-2007-003310
Trust: 0.8
db:CNNVDid:CNNVD-200702-006
Trust: 0.7
db:VULHUBid:VHN-24023
Trust: 0.1
sources:
            
            
            VULHUB: VHN-24023 // 
            
            
            
            BID: 22341 // 
            
            
            
            JVNDB: JVNDB-2007-003310 // 
            
            
            
            CNNVD: CNNVD-200702-006 // 
            
            
            
            NVD: CVE-2007-0661

REFERENCES
url:http://lz1.intel.com/psirt/advisory.aspx?intelid=intel-sa-00012&languageid=en-fr
Trust: 1.9
url:http://www.securityfocus.com/bid/22341
Trust: 1.7
url:http://osvdb.org/33044
Trust: 1.7
url:http://secunia.com/advisories/23989
Trust: 1.7
url:http://www.vupen.com/english/advisories/2007/0432
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0661
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0661
Trust: 0.8
url:http://www.frsirt.com/english/advisories/2007/0432
Trust: 0.6
url:http://www.intel.com/
Trust: 0.3
url:http://lz1.intel.com/psirt/advisory.aspx?intelid=intel-sa-00012&languageid=en-fr
Trust: 0.1
sources:
            
            
            VULHUB: VHN-24023 // 
            
            
            
            BID: 22341 // 
            
            
            
            JVNDB: JVNDB-2007-003310 // 
            
            
            
            CNNVD: CNNVD-200702-006 // 
            
            
            
            NVD: CVE-2007-0661

CREDITS
Keith Josephson
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200702-006

SOURCES
db:VULHUBid:VHN-24023
db:BIDid:22341
db:JVNDBid:JVNDB-2007-003310
db:CNNVDid:CNNVD-200702-006
db:NVDid:CVE-2007-0661

LAST UPDATE DATE
2025-04-10T23:19:14.338000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-24023date:2011-03-08T00:00:00
db:BIDid:22341date:2015-05-12T19:34:00
db:JVNDBid:JVNDB-2007-003310date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200702-006date:2007-02-02T00:00:00
db:NVDid:CVE-2007-0661date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-24023date:2007-02-01T00:00:00
db:BIDid:22341date:2007-01-31T00:00:00
db:JVNDBid:JVNDB-2007-003310date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200702-006date:2007-01-31T00:00:00
db:NVDid:CVE-2007-0661date:2007-02-01T22:28:00