Openbmc-project Openbmc — known CVE vulnerabilities
Every CVE whose affected-product data names Openbmc-project Openbmc, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2021-39296 — CVSS 10.0 (critical): In OpenBMC 2.9, crafted IPMI messages allow an attacker to bypass authentication and gain full control of the system.
CVE-2020-14156 — CVSS 8.8 (high): user_channel/passwd_mgr.cpp in OpenBMC phosphor-host-ipmid before 2020-04-03 does not ensure that /etc/ipmi-pass has strong file…
CVE-2022-2809 — CVSS 8.2 (high): A vulnerability in bmcweb of OpenBMC Project allows user to cause denial of service. When fuzzing the multipart_parser code using AFL++…
CVE-2022-3409 — CVSS 8.2 (high): A vulnerability in bmcweb of OpenBMC Project allows user to cause denial of service. This vulnerability was identified during mitigation…
CVE-2021-39295 — CVSS 7.5 (high): In OpenBMC 2.9, crafted IPMI messages allow an attacker to cause a denial of service to the BMC via the netipmid (IPMI lan+) interface.
CVE-2022-35729 — CVSS 7.5 (high): Out of bounds read in firmware for OpenBMC in some Intel(R) platforms before version 0.72 may allow unauthenticated user to potentially…