Hewlett Packard Enterprise Product Security Vulnerability Alerts

AMI Aspeed Open BMC Reconfiguration and Security Override, AKA Pantsdown, Security Vulnerability (CVE-2019-6260)

Version 4.0 : Last Updated: October 30, 2019

This website is updated frequently, as new product information becomes available.

On January 23, 2019, security researcher Stewart Smith published a blog post disclosing attacks launched from the host operating system against the underlying system components known as Baseboard Management Controllers (BMCs). The vulnerability was nicknamed Pantsdown because of the surprising nature of the attack, and CVE-2019-6260 was assigned to it. The same attack was also asserted to be used in the so-called 'Cloudborne' attack discussed in the media. The BMC attacks could allow the low-level firmware to be reflashed, hardware passwords to be changed, and the system to be rendered inoperable. Impacted BMCs from third-party vendors are being assessed, and updates will be provided by HPE.

Usage Instructions and Definitions for CVE Vulnerability Information

| Data | Definition |
|---|---|
| Product Category | High-level product description. |
| Product Sub-Category | Medium-level product description. |
| Product Name | Detailed product description. |
| Impacted | Indicates whether the specific product is affected by the cited vulnerability. |
| If Impacted - Mitigation or Under Investigation | Information regarding how to address a vulnerability. |
| Link(s) to security bulletin (Vendor) | Link to Vendor's Security Bulletin. |

Use the following table to find vulnerability information by entering the name of the product (e.g. ML350) in the search box.

| Product Category | Sub Category | Product Name | Impacted | Mitigation and Notes | Customer Bulletin | Security Bulletin |
|---|---|---|---|---|---|---|
| Servers | Cloudline | CL2100 G3 806R (Broadwell) | Yes | Fixed in BMC 1.0 and BIOS 4C4C2140. | | |
| Servers | Cloudline | CL2100 G3 407S/807S (Broadwell) | Yes | Fixed in BMC 1.0.1 and BIOS 4D4C2170. | | |
| Servers | Cloudline | CL2100 G3 407S/807S (Haswell) | Yes | Prior to BMC 0.6 and BIOS DC1F122A. Fix is under development. | | |
| Servers | Cloudline | CL2200 G3 1211R (Broadwell) | Yes | Prior to BMC 1.01 and BIOS 4B4C2130. Fix is under development. | | |
| Servers | Cloudline | CL2200 G3 1211R (Haswell) | Yes | Prior to BMC 1.01 and BIOS DC1F112B. Fix is under development. | | |
| Servers | Cloudline | CL3100 G3 | Yes | Prior to BMC v1.11 and BIOS 2F4C2260. Fix in BIOS 2F4C2270. | | |
| Servers | Cloudline | CL3100 Gen10 | Yes | Fixed in BMC 1.09.0 and BIOS 1.14.0. | | |
| Servers | Cloudline | CL4100 Gen10 | Yes | Fixed in BMC 1.09.0 and BIOS 1.14.0. | | |
| Servers | Cloudline | CL5200 G3 | Yes | Fixed in BMC 1.06.0 and BIOS 1.13.0. | | |
| Servers | Cloudline | CL5200 Gen9 | Yes | Fixed in BMC 1.06.0 and BIOS 1.13.0. | | |
| Servers | Cloudline | CL5800 Gen9 | Yes | Fixed in BMC 1.08.0 and BIOS 1.07.0. | | |
| Servers | Cloudline | CL2100 Gen10 | Yes | Fixed in BMC 1.16.0. No BIOS update is needed, since ASPEED vBIOS v1.03.5 is included in the first BIOS release 1.0.1. | | |
| Servers | Cloudline | CL2200 Gen10 | Yes | Fixed in BMC 1.16.0. No BIOS update is needed, since ASPEED vBIOS v1.03.5 is included in the first BIOS release 1.0.1. | | |
| Storage | Nimble | AF1000 | Yes | BMC Communications Port disabled by default. Product doesn't allow arbitrary code execution. | | |
| Storage | Nimble | AF3000 | Yes | BMC Communications Port disabled by default. Product doesn't allow arbitrary code execution. | | |
| Storage | Nimble | AF5000 | Yes | BMC Communications Port disabled by default. Product doesn't allow arbitrary code execution. | | |
| Storage | Nimble | AF7000 | Yes | BMC Communications Port disabled by default. Product doesn't allow arbitrary code execution. | | |
| Storage | Nimble | AF9000 | Yes | BMC Communications Port disabled by default. Product doesn't allow arbitrary code execution. | | |
| Storage | Nimble | CS1000H | Yes | BMC Communications Port disabled by default. Product doesn't allow arbitrary code execution. | | |
| Storage | Nimble | CS1000 | Yes | BMC Communications Port disabled by default. Product doesn't allow arbitrary code execution. | | |
| Storage | Nimble | CS3000 | Yes | BMC Communications Port disabled by default. Product doesn't allow arbitrary code execution. | | |
| Storage | Nimble | CS5000 | Yes | BMC Communications Port disabled by default. Product doesn't allow arbitrary code execution. | | |
| Storage | Nimble | CS7000 | Yes | BMC Communications Port disabled by default. Product doesn't allow arbitrary code execution. | | |