{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T11:01:46.410","vulnerabilities":[{"cve":{"id":"CVE-2026-33554","sourceIdentifier":"cve@mitre.org","published":"2026-03-24T15:16:35.743","lastModified":"2026-03-24T20:16:30.357","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"ipmi-oem in FreeIPMI before 1.16.17 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to support system management. It is most commonly used for sensor reading (e.g., CPU temperatures through the ipmi-sensors command within FreeIPMI) and remote power control (the ipmipower command). The ipmi-oem client command implements a set of a IPMI OEM commands for specific hardware vendors. If a user has supported hardware, they may wish to use the ipmi-oem command to send a request to a server to retrieve specific information. Three subcommands were found to have exploitable buffer overflows on response messages. They are: \"ipmi-oem dell get-last-post-code - get the last POST code and string describing the error on some Dell servers,\" \"ipmi-oem supermicro extra-firmware-info - get extra firmware info on Supermicro servers,\" and \"ipmi-oem wistron read-proprietary-string - read a proprietary string on Wistron servers.\""},{"lang":"es","value":"ipmi-oem en FreeIPMI anterior a 1.16.17 tiene desbordamientos de búfer explotables en mensajes de respuesta. La especificación de la Interfaz de Gestión de Plataforma Inteligente (IPMI) define un conjunto de interfaces para la gestión de plataformas. Es implementada por un gran número de fabricantes de hardware para soportar la gestión del sistema. Se utiliza más comúnmente para la lectura de sensores (por ejemplo, temperaturas de CPU a través del comando ipmi-sensors dentro de FreeIPMI) y el control remoto de energía (el comando ipmipower). El comando cliente ipmi-oem implementa un conjunto de comandos IPMI OEM para proveedores de hardware específicos. Si un usuario tiene hardware compatible, puede desear usar el comando ipmi-oem para enviar una solicitud a un servidor para recuperar información específica. Se encontró que tres subcomandos tenían desbordamientos de búfer explotables en mensajes de respuesta. Son: 'ipmi-oem dell get-last-post-code - obtener el último código POST y la cadena que describe el error en algunos servidores Dell,' 'ipmi-oem supermicro extra-firmware-info - obtener información extra de firmware en servidores Supermicro,' y 'ipmi-oem wistron read-proprietary-string - leer una cadena propietaria en servidores Wistron.'"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"references":[{"url":"https://ftp.gnu.org/gnu/freeipmi/","source":"cve@mitre.org"},{"url":"https://savannah.gnu.org/bugs/?68140","source":"cve@mitre.org"},{"url":"https://savannah.gnu.org/bugs/?68141","source":"cve@mitre.org"},{"url":"https://savannah.gnu.org/bugs/?68142","source":"cve@mitre.org"}]}}]}