Intel Baseboard Management Controller (BMC) Firmware Advisory Intel ID: INTEL-SA-00149 Advisory Category: Firmware Impact of Vulnerability: Escalation of Privilege, Denial of Service Severity Rating: HIGH Original Release: 09/11/2018 Last Revised: 09/11/2018 Summary A potential security vulnerability in Intel® Baseboard Management Controller (BMC) firmware may allow escalation of privilege or denial of service. Intel is releasing updates for Intel® Baseboard Management Controller (BMC) firmware to mitigate this potential vulnerability. Vulnerability Details CVE ID: CVE-2018-12171 Description: Privilege escalation in Intel® Baseboard Management Controller (BMC) firmware before version 1.43.91f76955 may allow an unprivileged user to potentially execute arbitrary code or perform denial of service over the network. CVSS Base Score: 8.3 High CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H Affected Products Recommendations Intel recommends that users of affected products upgrade to the latest platform firmware package. Download links are provided for the different product families. Acknowledgements Intel would like to thank Lenovo for reporting this issue and working with us on coordinated disclosure.