CVE-2026-33554

| EUVD-2026-14899 HIGH
2026-03-24 mitre GHSA-382w-q5p9-3f2h
7.5
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Patch Released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 24, 2026 - 14:45 vuln.today
EUVD ID Assigned
Mar 24, 2026 - 14:45 euvd
EUVD-2026-14899
CVE Published
Mar 24, 2026 - 00:00 nvd
HIGH 7.5

Tags

Debian Buffer Overflow Dell Stack Overflow

Description

ipmi-oem in FreeIPMI before 1.16.17 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to support system management. It is most commonly used for sensor reading (e.g., CPU temperatures through the ipmi-sensors command within FreeIPMI) and remote power control (the ipmipower command). The ipmi-oem client command implements a set of a IPMI OEM commands for specific hardware vendors. If a user has supported hardware, they may wish to use the ipmi-oem command to send a request to a server to retrieve specific information. Three subcommands were found to have exploitable buffer overflows on response messages. They are: "ipmi-oem dell get-last-post-code - get the last POST code and string describing the error on some Dell servers," "ipmi-oem supermicro extra-firmware-info - get extra firmware info on Supermicro servers," and "ipmi-oem wistron read-proprietary-string - read a proprietary string on Wistron servers."

Analysis

FreeIPMI versions before 1.16.17 contain exploitable buffer overflow vulnerabilities in the ipmi-oem command's response message handling for three vendor-specific subcommands: Dell's get-last-post-code, Supermicro's extra-firmware-info, and Wistron's read-proprietary-string. An attacker who can intercept or control IPMI server responses could trigger these buffer overflows to achieve arbitrary code execution on systems running vulnerable versions of FreeIPMI. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 7 days: Identify all affected systems running FreeIPMI and apply vendor patches promptly. If patching is delayed, consider network segmentation to limit exposure.

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

38
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +38
POC: 0

Vendor Status

Debian

freeipmi
Release Status Fixed Version Urgency
bullseye vulnerable 1.6.6-4+deb11u1 -
bookworm vulnerable 1.6.10-1 -
trixie vulnerable 1.6.15-1 -
forky, sid vulnerable 1.6.16-1 -
(unstable) fixed (unfixed) -

Share

CVE-2026-33554 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy