CVE-2020-4839 - OpenCVE

IBM Host firmware for LC-class Systems is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A remote privileged attacker could exploit this vulnerability and cause a denial of service. IBM X-Force ID: 190037.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ibm	8335-gca 8335-gca Firmware 8335-gta 8335-gta Firmware 8335-gtb 8335-gtb Firmware

Configuration 1 [-]

AND

cpe:2.3:h:ibm:8335-gca:-:*:*:*:*:*:*:*

cpe:2.3:o:ibm:8335-gca_firmware:op820:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:ibm:8335-gta:-:*:*:*:*:*:*:*

cpe:2.3:o:ibm:8335-gta_firmware:op820:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:ibm:8335-gtb:-:*:*:*:*:*:*:*

cpe:2.3:o:ibm:8335-gtb_firmware:op820:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://exchange.xforce.ibmcloud.com/vulnerabilities/190037
https://www.ibm.com/support/pages/node/6454303

History

No history.

MITRE

Status: PUBLISHED

Assigner: ibm

Published: 2021-05-25T16:00:16.559134Z

Updated: 2024-09-16T20:31:49.598Z

Reserved: 2019-12-30T00:00:00

Link: CVE-2020-4839

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-05-25T17:15:07.990

Modified: 2021-05-28T20:39:57.670

Link: CVE-2020-4839

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "8335-GTB", "vendor": "IBM", "versions": [{"status": "affected", "version": "OP820"}]}, {"product": "8335-GTA", "vendor": "IBM", "versions": [{"status": "affected", "version": "OP820"}]}, {"product": "8335-GCA", "vendor": "IBM", "versions": [{"status": "affected", "version": "OP820"}]}], "datePublic": "2021-05-24T00:00:00", "descriptions": [{"lang": "en", "value": "IBM Host firmware for LC-class Systems is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A remote privileged attacker could exploit this vulnerability and cause a denial of service. IBM X-Force ID: 190037."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitCodeMaturity": "UNPROVEN", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 4.3, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.0/PR:H/UI:N/AC:L/S:U/A:H/AV:N/I:N/C:N/RC:C/RL:O/E:U", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Denial of Service", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-05-25T16:00:16", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.ibm.com/support/pages/node/6454303"}, {"name": "ibm-bmc-cve20204839-bo (190037)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190037"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "DATE_PUBLIC": "2021-05-24T00:00:00", "ID": "CVE-2020-4839", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "8335-GTB", "version": {"version_data": [{"version_value": "OP820"}]}}, {"product_name": "8335-GTA", "version": {"version_data": [{"version_value": "OP820"}]}}, {"product_name": "8335-GCA", "version": {"version_data": [{"version_value": "OP820"}]}}]}, "vendor_name": "IBM"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "IBM Host firmware for LC-class Systems is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A remote privileged attacker could exploit this vulnerability and cause a denial of service. IBM X-Force ID: 190037."}]}, "impact": {"cvssv3": {"BM": {"A": "H", "AC": "L", "AV": "N", "C": "N", "I": "N", "PR": "H", "S": "U", "UI": "N"}, "TM": {"E": "U", "RC": "C", "RL": "O"}}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Denial of Service"}]}]}, "references": {"reference_data": [{"name": "https://www.ibm.com/support/pages/node/6454303", "refsource": "CONFIRM", "title": "IBM Security Bulletin 6454303 (8335-GCA)", "url": "https://www.ibm.com/support/pages/node/6454303"}, {"name": "ibm-bmc-cve20204839-bo (190037)", "refsource": "XF", "title": "X-Force Vulnerability Report", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190037"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:14:59.090Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.ibm.com/support/pages/node/6454303"}, {"name": "ibm-bmc-cve20204839-bo (190037)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190037"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2020-4839", "datePublished": "2021-05-25T16:00:16.559134Z", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-09-16T20:31:49.598Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:8335-gca:-:*:*:*:*:*:*:*", "matchCriteriaId": "8248B644-C241-47A3-97E8-7BEFB49BBA9B", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:8335-gca_firmware:op820:*:*:*:*:*:*:*", "matchCriteriaId": "9872FE01-5CAF-43C6-A89C-965128B99148", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:8335-gta:-:*:*:*:*:*:*:*", "matchCriteriaId": "72984661-F71F-4E16-A29B-8FE35CA20968", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:8335-gta_firmware:op820:*:*:*:*:*:*:*", "matchCriteriaId": "14943D3A-7074-46F7-B359-84F00495EBBA", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ibm:8335-gtb:-:*:*:*:*:*:*:*", "matchCriteriaId": "2620904D-3D2E-4B4C-BC9C-FCDABFDAD157", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:ibm:8335-gtb_firmware:op820:*:*:*:*:*:*:*", "matchCriteriaId": "4C616D01-40E6-4BDC-A2EE-4D9323DB6BFD", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "IBM Host firmware for LC-class Systems is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A remote privileged attacker could exploit this vulnerability and cause a denial of service. IBM X-Force ID: 190037."}, {"lang": "es", "value": "IBM Host firmware para LC-class Systems es vulnerable a un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria, causado por una comprobaci\u00f3n inapropiada de l\u00edmites. Un atacante privilegiado remoto podr\u00eda explotar esta vulnerabilidad y causar una denegaci\u00f3n de servicio. IBM X-Force ID: 190037"}], "id": "CVE-2020-4839", "lastModified": "2021-05-28T20:39:57.670", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "psirt@us.ibm.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-25T17:15:07.990", "references": [{"source": "psirt@us.ibm.com", "tags": ["VDB Entry", "Vendor Advisory"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/190037"}, {"source": "psirt@us.ibm.com", "tags": ["Vendor Advisory"], "url": "https://www.ibm.com/support/pages/node/6454303"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}