PT-2021-7645 · Openbmc · Openbmc

Ya-Mouse · Published 2021-09-02 · Updated 2023-02-16 · CVE-2021-39296

CVSS v3.1: 10 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

OpenBMC version 2.9

Description

The issue is in the netipmid interface (IPMI lan+) of the OpenBMC embedded operating system and stems from errors in the authentication procedure. An attacker can exploit this issue by sending crafted IPMI messages, allowing them to bypass authentication and gain full control of the system.

Recommendations

For OpenBMC version 2.9, as a temporary workaround, consider restricting access to the netipmid interface until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2023-00780
CVE-2021-39296
GHSA-GG9X-V835-M48Q

Affected Products

Openbmc