CVE-2019-6260

CRITICAL LAB

ASPEED ast2400/2500 - Info Disclosure

Title source: llm

Description

The ASPEED ast2400 and ast2500 Baseband Management Controller (BMC) hardware and firmware implement Advanced High-performance Bus (AHB) bridges, which allow arbitrary read and write access to the BMC's physical address space from the host (or from the network in unusual cases where the BMC console uart is attached to a serial concentrator). This CVE applies to the specific cases of iLPC2AHB bridge Pt I, iLPC2AHB bridge Pt II, PCIe VGA P2A bridge, DMA from/to arbitrary BMC memory via X-DMA, UART-based SoC Debug interface, LPC2AHB bridge, PCIe BMC P2A bridge, and Watchdog setup.

Exploits (2)

nomisec WORKING POC 5 stars

by nikitapbst · poc

https://github.com/nikitapbst/cve-2019-6260

View Code ZIP pw:eip

inthewild WORKING POC

poc

https://github.com/amboar/cve-2019-6260

View Code ZIP pw:eip

References (3)

[Patch, Third Party Advisory] https://security.netapp.com/advisory/ntap-20190314-0001/

[Third Party Advisory] https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-785

[Third Party Advisory] https://www.flamingspork.com/blog/2019/01/23/cve-2019-6260:-gaining-control-of-bmc-from-the-host-processor/

Scores

CVSS v3 9.8

EPSS 0.0201

EPSS Percentile 83.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Lab Environment

COMMUNITY

Community Lab

docker pull mcr.microsoft.com/devcontainers/base:ubuntu

https://github.com/nikitapbst/cve-2019-6260

https://github.com/amboar/cve-2019-6260

View in Library

Details

Status published

Products (3)

aspeedtech/ast2400_firmware

aspeedtech/ast2500_firmware

netapp/fas\/aff_baseboard_management_controller

Published Jan 22, 2019

Tracked Since Feb 18, 2026