MidnightBSD

Advisories for inspur

CVE-2020-21224 HIGH

A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote attacker can send a malicious login packet to the control server

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-88,

Products Affected

Vendor Product Version
inspur clusterengine 4.0
CVE-2020-26122 MEDIUM

Inspur NF5266M5 through 3.21.2 and other server M5 devices allow remote code execution via administrator privileges. The Baseboard Management Controller (BMC) program of INSPUR server is weak in checking the firmware and lacks the signature verification mechanism, the attacker who obtains the administrator's rights can control the BMC by inserting malicious code into the firmware program and bypassing the current verification mechanism to upgrade the BMC.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-347,

Products Affected

Vendor Product Version
inspur nf5266m5_firmware *
inspur ns5162m5_firmware *
inspur nf5466m5_firmware *
inspur nf8260m5_firmware *
inspur nf5468m5_firmware *
inspur ns5482m5_firmware *
inspur nf5486m5_firmware *
inspur nf5270m5_firmware *
inspur nf5260m5_firmware *
inspur nf8480m5_firmware *
inspur nf5488m5-d_firmware *
inspur nf5280m5_firmware *
inspur ns5484m5_firmware *
inspur nf5180m5_firmware *
inspur ns5488m5_firmware *
CVE-2021-27285

An issue was discovered in Inspur ClusterEngine v4.0 that allows attackers to gain escalated Local privileges and execute arbitrary commands via /opt/tsce4/torque6/bin/getJobsByShell.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.4 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 2.5 5.9

Products Affected

Vendor Product Version
inspur clusterengine 4.0