← back
CVE-2020-26122

CVE-2020-26122

EPSS 1.2%
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 1.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
07 Dec 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Inspur NF5266M5 through 3.21.2 and other server M5 devices allow remote code execution via administrator privileges. The Baseboard Management Controller (BMC) program of INSPUR server is weak in checking the firmware and lacks the signature verification mechanism, the attacker who obtains the administrator's rights can control the BMC by inserting malicious code into the firmware program and bypassing the current verification mechanism to upgrade the BMC.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://en.inspur.com/en/2487134/index.htmlhttps://en.inspur.com/en/security_bulletins/security_advisory2/2543921/index.html