First published: Wed Jan 13 2021(Updated: )
Multiple NEC products (Express5800/T110j, Express5800/T110j-S, Express5800/T110j (2nd-Gen), Express5800/T110j-S (2nd-Gen), iStorage NS100Ti, and Express5800/GT110j) where Baseboard Management Controller (BMC) firmware Rev1.09 and earlier is applied allows remote attackers to bypass authentication and then obtain/modify BMC setting information, obtain monitoring information, or reboot/shut down the vulnerable product via unspecified vectors.
Credit: vultures@jpcert.or.jp
Affected Software | Affected Version | How to fix |
---|---|---|
Nec Baseboard Management Controller | <=1.09 | |
Nec Express5800\/gt110j | ||
Nec Express5800\/t110j | ||
Nec Express5800\/t110j-s | ||
Nec Express5800\/t110j-s \(2nd-gen\) | ||
Nec Express5800\/t110j \(2nd-gen\) | ||
Nec Istorage Ns100ti |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this NEC product vulnerability is CVE-2020-5633.
Multiple NEC products are affected by this vulnerability, including Express5800/T110j, Express5800/T110j-S, Express5800/T110j (2nd-Gen), Express5800/T110j-S (2nd-Gen), iStorage NS100Ti, and Express5800/GT110j.
The severity of CVE-2020-5633 is critical with a CVSS score of 9.8.
Remote attackers can exploit this vulnerability to bypass authentication and gain unauthorized access to affected devices.
Yes, a fix is available for this vulnerability. It is recommended to update the BMC firmware to version 1.10 or later.