vulnerability

Amazon Linux AMI 2: CVE-2020-5208: Security patch for ipmitool (ALAS-2020-1420)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:P/I:P/A:P)	2020-02-05	2020-05-08	2022-09-30

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:P/A:P)

Published

2020-02-05

Added

2020-05-08

Modified

2022-09-30

Description

It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19.

Solution(s)

amazon-linux-ami-2-upgrade-bmc-snmp-proxyamazon-linux-ami-2-upgrade-exchange-bmc-os-infoamazon-linux-ami-2-upgrade-ipmitoolamazon-linux-ami-2-upgrade-ipmitool-debuginfo

References

AMAZON-AL2/ALAS-2020-1420
CVE-2020-5208
https://attackerkb.com/topics/CVE-2020-5208

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today