PT-2026-27437 · Wistron+4 · Wistron Servers+4

Zhihan Zheng

Publicado

2026-01-01

Atualizado

2026-06-03

CVE-2026-33554

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions FreeIPMI versions prior to 1.16.17

Description The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for platform management and is implemented by numerous hardware manufacturers to support system management. It is commonly used for sensor reading and remote power control. The ipmi-oem client command implements IPMI OEM commands for specific hardware vendors. Three subcommands were found to have exploitable buffer overflows in response messages: 'ipmi-oem dell get-last-post-code' for retrieving the last POST code and error description on some Dell servers, 'ipmi-oem supermicro extra-firmware-info' for obtaining extra firmware information on Supermicro servers, and 'ipmi-oem wistron read-proprietary-string' for reading a proprietary string on Wistron servers.

Recommendations Versions prior to 1.16.17 should be updated to version 1.16.17 or later.

Correção

DoS

Stack Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-121

Identificadores relacionados

ALSA-2026:13515

ALSA-2026:14819

ALSA-2026:19053

ALSA-2026:19208

ALSA-2026:20579

CVE-2026-33554

MGASA-2026-0078

OESA-2026-1737

OESA-2026-1738

OESA-2026-1739

OESA-2026-1740

OESA-2026-1741

OPENSUSE-SU-2026:10436-1

OPENSUSE-SU-2026:20556-1

RHSA-2026:13515

RHSA-2026:14819

RHSA-2026:19053

RHSA-2026:19208

RHSA-2026:20579

SUSE-SU-2026:21212-1

SUSE-SU-2026:21231-1

Produtos afetados

Dell Servers

Freeipmi

Rocky Linux

Supermicro Servers

Wistron Servers

PT-2026-27437 · Wistron+4 · Wistron Servers+4

CVE-2026-33554

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 60