CVE-2020-26122

Name of the Vulnerable Software and Affected Versions Inspur NF5266M5 versions 3.21.2 and earlier

Description The Baseboard Management Controller (BMC) program of INSPUR server is weak in checking the firmware and lacks the signature verification mechanism. An attacker who obtains administrator's rights can control the BMC by inserting malicious code into the firmware program and bypassing the current verification mechanism to upgrade the BMC, allowing remote code execution via administrator privileges.

Recommendations For Inspur NF5266M5 versions 3.21.2 and earlier, consider disabling the BMC program until a patch is available to prevent remote code execution. Restrict access to the BMC to minimize the risk of exploitation. Avoid using the administrator privileges for the BMC until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.