CVE-2023-32280

Name of the Vulnerable Software and Affected Versions Intel(R) Server Product OpenBMC versions prior to egs-1.05

Description The issue is related to insufficiently protected credentials in the Intel(R) Server Product OpenBMC firmware. This may allow an unauthenticated user to enable information disclosure via network access. The vulnerability can be exploited by a remote attacker to gain unauthorized access to protected information.

Recommendations For versions prior to egs-1.05, update to version egs-1.05 or later to resolve the issue. As a temporary workaround, consider restricting network access to the OpenBMC firmware to minimize the risk of exploitation.